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Abstract not available for JP 2004532554 (T) 

Abstract of corresponding document: US 2002141591 (A1) 

Method and apparatus for secure transmissions. 
Each user is provided a registration key. A long-time 
updated broadcast key is encrypted using the 
registration key and provided periodically to a user. 
A short-time updated key is encrypted using the 
broadcast key and provided periodically to a user. 
Broadcasts are then encrypted using the short-time 
key, wherein the user decrypts the broadcast 
message using the short-time key. 
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[ 0 0 2 5 ] 

[ 1 0 3 8 ] P C Pli^lC. - g ft" co & g ^ T- £ 3 -t -y > 3 > SE £ 5 „ C <0 SE 14 . £ 
-I' X L T £ IKI <0 X 4 tf * - X ha-*<05yXA&#!l!lj<04:-5 fc-^yXA-f^;/ 
YfrhK'k?* C fctf-C* SSlSlT'fc*, -b y S/ a >SEt4. ¥ X £ Bg ft -f 5 ft 16 co £ £ 
£ Bg 7 /I/ rf 'J XA £ ±Uci&f£ B&VJ**£U3. * Bg ft £ ft 5 fc , ^K-t-y 
a >SE(4glR A<t>ftB88El£Bg*|{t£ft*o C <0 I s 1)11 SEBg *} ft 5 ft ft -b -y * a > SE14 , Bg 

^ * £ t *» ic § ik a ic as u s n s . 

[ 0 0 2 6 ] 

[1039] m 1 E 1C ^ 1* 4; -5 IC . ® <0 $ £ . P C P©§KA<0 3k:-li7'7-f'<- h 

I4I^T, -PJWfc-feyS/gvaifcM-r*. PGPtt*ctntlOT, - Ift W fc B 30 
*lft<*ftftBg!f ££?g%?£ 0 Bg £ ft <9 8I £ tfi4 , ft Rg S! Bg ft to ?ij fiE #. t ft ffc Bg *Hfc 

<om&*mmt % a a ftisisEBg^ft* »> -«ic#tt»c»^. ft iki a Bg *i ft i4 

> ft 14 ^ ft T? , SEffi*fifc4. tf x- *2S®cQI , JIBfl'\<o»ft*5*. 5c IU^t)^5Ct(c 
J: *K ££fi£fa& 3 c * 4 < , ttfifctSEEfttf $&<*ft*o 

[ 0 0 2 7 ] 

[i 040] Bis. w & <o ag s> x # kj tfc -r * fc»t, Bg v; 7 ;u =f y x a 1 1 1 ic is fig -r 5 

|T'S5o St t4 , U * W ICIN « ic A St T- h % . SE -9- X li e -y ht'iSfilS. l v B»T 
S£B{t55ftlct3i>T, ?c ^ 14 li -9" ^ X i: t t (clftta-T 5^, ^ l»l SE * -< X t tt fiP Bg ^ f t X 

, ^ DU SE co * * 'J 7L £ ft T , X 5 f ^ - h SE ^ ift^ f 5 K 14 ffl JUtt W 3£ 5 . + » 4 B$ HQ 40 
t&tmmti* 6ftftlf , 7*7^^- h IE © ifi £ 14 5J fig T' £ 0 , SE -9- 4 X O 5g IR % IB S 

^'^^ncoiajsic -r 5, sb a, iB a! ic % m t z> ft *6 ic , st^-i' + < mm t % 

lfr-5AT*&5o ^ICx $E35-'\co*-y-fc-->*cOffigtt{4{5JAv fc'4:tfif<Olifficoyv- 
X*3SH«A'!m^U*ltftf4iQ:f>*l^^T-&5o 
[ 0 0 2 8 ] 

[1 0 4 1 ] £ 9 A $ & SE 14 . S )SI Hi] , Bg f ; }£ W ^ T- 5 ^ . SE (4 Bg ^ ft * ft ft IB 
T'M£ft3 0 P G P!if$lc> SE*2ot07r-i';l/lcgeia-r5 < , -r«ct>^, ft ffl tt 4) ft ft 
O 7 7 -f ;l/ i . X7-<^-hSEOft«)C»7rY/UT'fe« 0 Cfte>c07ri';K4*-3fwU^ 
-i:fl4ft5o 7X«;V->'a>lct5t>T, P G PBSffy Xf Ali, IWitSSSA© 50 
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£ i»i se * m fa ti <o a i«] * - * * j<" - ic w -r 5 o & e # <n -/ 5 -r ^ - h se it % s e <o 7 

[ 0 0 2 9 ] 

[ 1 0 4 2 ] ± T ft if 6 ft £ #>J ic 3B tt "T 5 J: ? tc, Bg ^ ft te 4: tf'ffi 5? cq ft 46 Sc ffi ffl ? ft £ 
^Oj^^^-eft^ftBg^fttsit/ffi^^^ffTt^J:^^, *J<fctf»^ifijiifajcWLT, 
#3£ft£ftS C t ttmmic? 5 C t£3t?o SStc, SI3ftt4. jBHL4^»H«fc 

w § £ flf r# -r * 4 a e ?? & t> ft * c £ » m s l . § % ic s & & § # 12 » / y -t - •>* # 

fit H £ ft ft 3 0 ¥ (C 4 o T Bg ^ ft £ ft , tS = # K 4. -5 fe <0 T 54 4 V> C i: * £ It IK 9 -=£ Ic fg 10 
lE^r^^SagUT'fe^o 7'5-l''S-bgE£ft-;/X-rA»;:*5^T, g| (j fg $ (c2ft£ ft, file 
*T5SES^fc«tt>*iEa*,lS 1 iiEtce5(aSftft$^fJ : .^'j-iSo ffljK-T^Stt, Zfy^-<- 
KM^ftX*- A(4> Bg£S<0 -5 S lc3SM£4;t 5 V* •? T ft * „ 7 5 -f t - h SEBg 9 
x r ix fc is 5 Jj © tfj m «ii tt , -Cc 12 S ft ft i£ 9 -T- * , fie m £ ft ft S ifc 0 # £ fil ft £ 
ft ^ ^ -y -b - £ Bg *f ft r £ C fc^T* 5i*iOT'fc5o £ t X' ft % „ iiMt Bg 

»> <o s j£ ti SE S ft fiq Si co M Sii * m ^ m ik * S , VtK . at 2< ft ffnc i -6 (ill § f -5 A tf^ /i 

i:LTt»rr*ffl5i{c-r5ttft^t».SEXftjcn9-r5-r'<Tconga*^^-r5t)ttT'Ji4 

tflitiS. (^•y-b-^?rBg^ffr5fci6lc+^>*) 8E<0*<om*rti, iSD^cOf.f^co 
IM^C57'fryr-i'-r-(*cOHI8!l(Ct4P>*l/>L, -eftft'^T', SSKAcOT-Y-ry^-f-r^ 20 

[ 0 0 3 0 ] 

[ 1 0 4 3 ] 1 0©MRIJ, 'J X h 2 ft ft SE *i« IC, Nft IT, IdflSnT^SSW 
, UMm. l/3m = #fflitf^IIAt"^(fft5^^P.ftftx>7 1 ^f--<cr)aT-ft5ili:^ 
f* ,11 f 5 IE fE /»i f« W % IKI 58 1 5 C t X-$> 5o ^«14, — 85 t4 . '^K«IC14, §1^564-^1* 

. i^»)?tstj^(o##cofti6{c, ffifi^ft, K&ztiz. m<o o x h & azimmt ZT 

4 fyf-j t<( tflEL < St»*^j:i/^ * fS ,iiE "T 5 „ ftijco^&ti, 'K <0 §! £ fG •ft L T JEl 
8*1,, # ^ (0 S2 ^ $ ft ft ?3 a tc f3 m % W < a - if ic f« U T 5 ■> R S A T* (4 , Hg % ft ? ft 
ft^-y-tr-v'IC/jpx.T, T-Y^y^-fr^coSEm^iMfaLftt^^, S^Aty^-Y^-h 

8E T- Bg ft $ ft 5 . § It ¥ 14 , ^ 0 ¥ <0 * ^ «5 S? SE CO ffi ffl 4 0 ¥ A «r Bg ^ <t T' t ft i: ^ 30 
ii^ ic, Mffi^m^1-5Ci:*ftliEr5ft45tc. iStc R S A 7;Vd 'J XA^tfflt 5 c 

itft'tS. — fia tC. Bg*|ft£ftft TifSj ti«5ffi^ -y -t - v> <D @ *J CO 8t 3* ft rg^jj 
6 ^ fiSc ? ft 5 r^vt-y'^'f y'lXFj T ft § ( 9 £ Sf ?$ CO * -y -b - v lc t> ft 0 @ & 
WT'ft*fc£, -a»]oftl.XliOcoSltIf){0#(i^^Tf!Jiffl-r5Ctt^'3^5) o C<04 
■5 1CLT, ^•yt-^coigO?co*^^co^<y-b-->*ti:WLTiE^4gS*%'i-r5C t 

T* * , 5 11X 0 ^ tC » L T 88. ,11 1 5 C t T- * 5 . 
[ 0 0 3 1 ] 

[ 1 0 4 4 ] / -y -t - v ¥ -< *? x X h t4 L, ff L 14 Bg 5=J- /n -y i/ a litl g( * ffl ^ T ,7t W * ft 5 » 
Bg^M.v~>aBaSct4, A^cOS$JCf!af^*<, A * *^ 5 (ll3!coe-yb^T) ffl^ItW-T 

5 o Bg Jj- /% -y > a lii] Sit CO t# 54 C 9 T* ft 5 : h tfi '} %. % ft 5 £ > * O fti 7^ * £ C S A ^3 40 

5 C t ^If+SWlC EJST'ft So Bg^^<y ->rL|18^<0-f5IJ(i, *ra»}^cr»®«^ffi 
5aam<8i>«, *fgf«i5fi«5fS^ra(C J: 0 l^fi ?ftft r ^ /% «y a M « J FI PS P 
UB 180-l»Cl2iIi)c^ftftSHA-lT'ft-5o 
[ 0 0 3 2 ] 

[1 0 4 5] EI2l4£!»<Oa--9 I £-t>-;tf-hl_, C^05gaJ^^0'>4<i:t,^,^<O7b>^0SR^43 

£if-£m<DBm*nm-rzzttfT'2zmm->7>7-L\ o o o-mr- & % 0 ->xtai o 

0 lc 43 T\ ^ f,i * X *r f J> a - ;U T S ft «) 5C 5 v> 5 4 7 fl zl V X l* is J; If 1j J£ <o t> -f n 
^•Srf£ffl-T?>i:i:A«T*t-5o ->X-rAl OOI4^S4cO-b;l/l 0 2A/1MI 02Glc^LT 

as fa j& (tt ^ a ^ft^co-fc^co&^ia, -eft-rftwis-rs^^iyiisi o 4 a?jii oh 

IC4t»-9--tTXSft5o CT^^Il!iScO0^ICt5t^T, Sifi^l 0 4 O) V* < O AM4 . lfi|3t<0§ 50 
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ia7>T + *fiL, m a m - <o § & r y r -f * a t z . m & ic , ama \ o 4^><o a> 

{4^3a«OiMfi7>-r^-*^L. fti <4 , JH- CO & {3 7 > *f -f * £ ? 5 . MiST > y- i~ tgQ 

7 y t -t <d m & fc iiiii pa (i m ^ „ *-nu>;u «ija^sosf,!7yfttiii-o§e7 

^r + ^rft-r^ilttsifigT-feSL. *ftl4M©M7>7^tW-<Djg<37>-r^;& 

* £ St S c i: t nJf&T& 5. 
[ 0 0 3 3 ] 

[10 4 6] ft'<-1Rl*Ag>fl|5Kl06ttB£ ( 1" £ "5 , SlitLT^S) LT^Tt J: 
t> U 3: ft LT^T *> 4: 0 2 IC^T4: -5 (C . a^©JS* l O 6ii^XfAi(* 

iCftiftbTV^o 1 06li, V 7 K*7#$ffl <*n-5 2)>£ 3 fr, £ft{4«8* 10 

* si » © a «i a *» e^stcoi^fs* (ran*c*fctt«*k:) sit 5 * ? leasts nun** 

fc 4: 38 £ < ^tUXlcO&ife^ 1 0 4 £3§{3f£o C D M A SHg -> X f- A <D 7 7 h >\> Y 

* 7 a , a ffi fr-j tc j; < *n e, n x & <o , c <d ?g tn j <q m 5? a k as m. $ n ft * m m hf jb 5 . 1 0 

1. 50 1 (%w<o%>fo-- r C DM A-t /l/ -5 Xt A icy 7 I- >\y V *7 £{J**&-f 5 

ft *6 <D j£ *5 <fc IS */ X r A J (METHOD AND SYSTEM FOR PROVIDING A SOFT IIAND0FF IN A C 
DMA CELLULAR TELEPHONE SYSTEM) IC 5* HHIC M £ tl T i^ 5 <> 
[ 0 0 3 4 ] 

[1047] ?v > v > ? &mmirvfrt>®*^<DmmttB$zs. t y >? it mmfrzu 

it!i ® *\ g fg £ -S>" o 0>J 75 Si ifc £> Jf5 <I £ fct^T , 1 0 6 <ov> < ofrli . $lfc(0§(§'7 20 

yTi-*tiL. ililatO(OflI7>ft*flt5. 12 2 T , IH^l 04AH 

^^y;y^*^LT-r-^«rJS5kl O 6 A fe ,}: O" I 06JIC2HIL, SHii I 0 4BU 
SS M 1 06Bti±lf 1 0 6 J IC 7 s - £ £ iS f,i L , US U 1 O 4 C (4 SSI 3fc 1 0 6 C K ? - * 

[ 0 0 3 5 ] 

[i 0 4 8] m®7 - z )&® <n m z x ^ z £ is mmm is &wi * ft l x m m% v 

- If X © ffi-JM K <t 0 t$ £ <D -r - * - X AMKI 58 $ n ft . * « «fc -9 ^ - tT X O 1 O (4 

r - £ U - h ( H D R ) t *$■ M n 2> o H D R - If X <0 m tt- 54 . r 1 1 D R ft m 3} J t if Jf 
tl§ r B I A/T I A-I S 8 5 6 c d m a 2 0 0 0 iES L> - b * -y h X '- * A S( > ^ 
-7z-Xtt«{fij tcMSttT^So HDR-9--eX(4-fl9lC^S^ja(l^X-fAtC*JV> 30 
T , r - ^ O y b Z Mii? Z %)®ffj%ft i£ Z MMt Z M fi ^ X T &^<D $> 
•5 0 jMfgSnfcr-^fflfeitfiMfaial^^tQAStCon, IS^^moftitilcliJfflnJflg^RS 

e n ft ?{? Js« m a , u y-xjcft*. ^n«)^. x fijfflnifli«fff4(«(o{S!ffl«rsafbr 

•5 3£8 (S -y X r Ix tc *s it 5 (3 * X * n. - 'J > y t Z 9h * W X- IE ^ ^ ft ft to <D SI 14 
A^feSo WI^^J5S«fl5ffitct3^T. IZlciti'Xf i» 1 0 OliHDR^-fX^WtS 
C DMA *^7°:xX-rAi:-&T3o 
[ 0 0 3 6 ] 

[1049] -'Jistsco^fgtcjcnif, ^xfi» i o oa, i'.'syj7o-K*-vxh-«t-trx 

(H S B S) tiflfn^iffiii^/l/f ^f-<77n- K* + X h+t-VfX^lt^ - 
H S B S <D m S 7 7* U V - ~> 3 > 14 If* M t X - 7 -Y ^ > h » ® <D M r # X h U - 5 y if 40 
(video streaming)"? $> Z> 0 HSBS-tf-ext4, ^>?-^>^^D (I P) tc 

S-3< /^-y hr-ai-»t-trXT'*So ffll^56MO«/l8»CfieoT» ^ - If X 7 s a /W ^ C4 
?OinSii7o- K + -VX h-9--ex<Dfilfflojfigtt*a--tf(C^-ro H s b s-*t-tr 
XJ&Stya--ift4, •9--tTX«Sfr]-r-5ft46(C#L)i^> i>3-hM^X-rA ( 

SMS) , »87r'Jfr-i'3>ynh3H' (WAP) m * ft L X . 7a-F + t^h* 

- if X X * S^" a - Jl * % M t % C ^ T' 4 •& . * > W ;U ^- - If f4 ^ id /3 (MS s ) £ Pf (4* 
n^o MitU^ ( B S s ) (4, HSBS |J!1 ill ^ z> * - Z % * - A - *\ K>« -y -fc - T? i£ fH 
t5. M S ifi 7 a - K * -v X t -fe -y 3 y «r 52 ft L ft 1/^ t * » MSIi*-^-'\7 H^>y 
•b - V % jg W ts. ♦» fig «r ^ f / -T « o X tc , M S (4 II S B S f- * * ;l/ * a tf M( % Sfc K l>0 18 
L,7a-K*^Xr--9"-tfX3>-r>7?r5fI-rSo 50 
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[0037] 
[ 0 0 3 8 ] 

[ 0 0 3 9 ] 

[I 0 5 2 ] M7**X, ■||P7**X, *J:tf«»IUP7 ****** HSBS© 
[ 0 0 4 0 ] 

[10 5 3 ] Hi7#tXOi||ft, M S extent T*Lii**L 7 

n- + x h*-i£x*afi-r *fc»«c »cr ^ e * u a a, t i,* * ^ a 1 * 

X*-ili»i*S£tt*(RI&U * - e x © js si * w ± f 5 

[ 0 0 41] 

^^©issii, MftsnfcH s b s uii*%»fb-r* 
«t ? fc a m 1 * c t # t- * a o c n s © us if ft ? n r t> & ^ * y * > i« © x v a? ^ - ,ui 

[ 0 0 4 2 ] 

[1 0 5 5 ] M « ffl(3 5/ X r A 200ttH3K:B»*n*. e? ? :tfcj;tf:t-7W*1ff$fi 
tt, ziy-ry ( C S) 2 0 1 MtSn/if-^ - tf X * y h 7 

(PDSN) 2 0 2 K{ftfcSti* fi lfft*J:tft-f^fflfflliTl/H7pyf 5 

f p^5*?22-* DSN2 ° 2tt3r ****» (AN) rt^ 8 *ift*C 

1 P/N^rv h*ffla** 8 SJfgf *«}::> IC. ANtt, ISg ! OMS 2 0 6 i:iii@tSBS2 
0Ud«r^XfAO-»UTMJh« t PDSN 2 0 2!i, B S 2 0 4 ICftKJft 
( 5 ' » S B Stf-KX©ig£. BS 2 0 4li. P D S N 2 0 2 ft. 6 ffl $8 © X h U - A « 



PDSN 2 0 2 IC||^n5fitCCS20liaD3>f>htf 
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[0043] 

[1056] 0 4 (i , 03OMS2O6Hfil©MS3 0 0 OHSiEIT'$5. M S 3 0 0 11 
. g {fHom 3 0 4 IC & ft 2 ft 7 > r ^ 3 0 2 * -ff "T 5 0 MS 3 0 0 B, B3OBS20 
4 t n til <0 B S ( 0 « r ) *» 5 © iS (I * £ @ T 5 . M S 3 0 0 li a - if ft S'J * >* a - A* 

( U I M ) 3 0 8 it/W*«B (ME) 3 0 6£#tJ o S?:{tlPjSSfi. U I M 3 0 8 tM 
E 3 0 6 (eft ft $ ft £ . U I M3 0 8 li H S B Sj£<S<D£&tt<9;tei&{Cft3£3 i ftt*81/ra 
b s !«<Oi5;ME 3 0 6 t;«^t5, ME 3 0 6 H, & H Si @ 3 1 2 IC fg ft T 5 C 4: # 
T'$5. ME 3 0 6 C ftlC PE 5£ £ ft & ^ # , II S B S n^r^FX h',)-A<Oft^£ 
^tJ^aW^JaS^r^^-TSo ME 3 0 6 «> ^tnhV-J'ar? MEM3 1 0 
* # tr „ 0H 3? H Ml <D & m \C 43 ^ T , ME 3 0 6 A9 ( 0 ^ * f ) tC *5 It £ -r - £ 43 <fc M 10 
E^tUXH/-->*a-7 h IC 43 It ?> r - * ti , m S ft fc U V - X <0 fit! ffl (Cfc t) # Jta X £ 
«C £ 0 g £} K 7 £ -t X 5J fig T* <fc »3 , * ft *t> z. > ME 3 0 6 !i$iT'4^t,it3h5o ME 
3 0 6 £ iffi m t fc t?l S £ ti M E 3 0 6 IC <fc 0 fflffl $ ft 1fl $8 ti . S t> ffl IUJ /£ It , £ £ tC 
JH«^«}{t5„ ^ftti>X., M E 3 0 6 t nti?ZM<D£ ? fcttffi©ffi«* Utf tif^Jli 
•f&C i: 13 £ Ll/^o 

[ 0 0 4 4 ] 

[ 1 0 5 7] U IM3 0 8tigM8IHIM**ttJ#L£ttfttf&5£^ ( Hg t? Si O <fc 5 & ) *B 

$8£§B1i LSaa-T a i: ? tcgftSft*,, U I M 3 0 8 li2c£&glH&0>-C, 
tc 12 tS $ ft *B * <i > J^Xf i»A ,J f ©8$filS4 L ti L tf I£ H f 5 C t*^f ItS^t 
ft&KtfJKt". U I M 3 0 8 l±, 2c£U 1 MMiSfS (S U P U) 3 16 t >f ti* ft 3 M 20 
% 03 & , '£ :£ T* <& £ £ fl Si £ ft T ^ * £ £ U I M * * U & It (SUMU) 3 1 4 tnisn 
5*€l>XhU-i'SIS£f*Jtfo U I M 3 0 8 rtlCfc'^T. SUMU3 Hli, © ti!J *B 
'NfO^IET * -tr X © £Uft £ M )B S -£ S <fc -5 tc IB & VI *fi £ .12 tit f 5 . ttffitiUHft* U I M30 
8fr6!3£ft£&<E>, ^©T^^XIJiifit^lfO'J V-X?*|?tt5T'$5% $/c 
, U I M 3 0 8 rtKfe^T, SUPU3 1 6li, U I M 3 0 8 C» Lt^lHit ^Si'lClM 

lx l . *5*tf/$/-ciiu i M3 o 8 k m l x po$ k $> z micm l x n\n z n 

jtf 5 „ if- <D Ifi Si ti . SUMU3 1 -H:£ttl/TttiatftliME 3 0 6 C26n* 
. SUPU3 1 6 * ffi T 31 ft £ ft £ 3t JJ ti . »*T*flO'J V-XtS l/fcx^f ^ f 
^ICt0UIM 3 0 8 A>69?i:k* , T«5fl»7*«. M « fc , SUMU3 I 4rti:£ 
13£ft* ( L L , ME 3 0 6^oaj7jT'fifc^) i^i:tBSl?rt5S UPU3 1 6 £ 30 

©tu^tt, fliiBoa^ftsajvaftT^ttoy y-xt««tt« * a t»8t« fts= -a 

JSCJBJBlCteVT, U I M 3 0 8 ti , MS 3 0 0rt©B$Sltfi5. ffl & T ^ t H . U 
I M 3 0 8rtOfi4^t'J6J:tf»aE*l!lt, U I M 3 0 8l±Sft, «ISSf, c * - 
/U 7 Hl/Xfi, •> x y * - z/ $ fc li U R L 7 K b X tit $8 , ti <fc / £ ti X *r >* a - »J 

[ 0 0 4 5 ] 

[1 0 5 8] ttfc>»)<D3iffis<afl5!lBli> llttanlfit'Scfc.tD'/S/itiS^a^^Anifii^ui 

M^ffilStSC t^T'tSo MS^i<OiilCfcV>T. SUPU3 1 6«, HSBS«07 
n _ K + hnr^ h<0Bg^{b%5jfigtc-r5<fc -b*a 'Jf -f tSt<0¥ftt*^^. 

[ 0 0 4 6 ] 

[1059] UlMlitf&tOa-lffciajiL, ilC, MS 3 0 0 AI, fi??jf^i^^7h9- 
^A©7f tX«<t3i:, a--9 t lc4^e.ft/it$ffi<Oia«SA^aA^-5fr*^2iE-r5/'c:*!) 
tcilcffim^ft^o ^-fti*^., a-yiiMS 3 0 0 iHU IM 3 0 8 KBiLTV>5. 
|3)C:i-+f#*fijgC0)U I M3 0 StCiltSCi^T'SS^ 

[ 0 0 4 7 ] 

[1060] 7n-F*tXh*-KXtt, HtO<i:-5lcSI^, )juAtfca--<flcffi«-r5 
A> * U£ f 5. 1!!J 1C iffi L X ^ * 0 W & <0 B-V 111) IC 7 a - K ^- + X h n > x > b % fti U tSf; 
»C , M E tiSlffiOig^SiSrfc^ftttfttf ^ p>^V> 0 +)--lfXOSil«rl3lS-r2>/ifctC, 50 
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ra^sittMKic, mxti # to ic m m l % if t\ a ft$*^ 0 cn^iSi at & ss m m (sk 

> $tot, S K li , a - -if ic ft h X . J r ¥ co H ^ o & g ft ffi Art % f.V o t © i: it * ? c i: A' 
UXhlz-faz^F, MEM3 1 0 A» £ # ftn A # A 11 S K * $ 5 n X h A< S K <D IS £ £> & 

$Ztom®itMz.rc tuiiz-r z„ t^b^sK* (ia&ic) tunxhtfii^jg^, m& 

ft o T , «'JXH/-->'li'yK MEM3 I 0 IC *5 <^ T S K £ {$ H "T -5 & g 
tffcU*. LfrLfttfS. M8IA*, S K (Dli$i£ *) t fil^ifr* -5 * £ , CC»S8 
£ ( i3 i£ ic) iH^x HiSIJ: H'>4t\ C <0 Ifl jJE ic & ^ T , ^ 'J X h U - a - 

M E M 3 1 0 t> * <D J: 5 * SI £ ® 5 #J & A< $ 5 „ ^ ft ft , S & (ft IC IJ „ ;< * 'J X 10 
hl/-5>ar?K M E M 3 1 0 I J , SKO^fft±9fc&^#fft£fiLfc&S;*£t§Lft 

[ 0 0 4 8 ] 

[10 6 1] S K £ H * <D tja A *f $5 MIC fi2 /li T 5 fc V> IC C S ( 13 55 "f ) IC £ »3 fig flj £ n 
£***/l/li££-(?&^i;#;te>tt;&„ ^ n #> * . ^*.54afcSK£ffa*riT5£:£, cs 
fi, *nA LTI^ft^a-1f s K <D fii'i £ |& T fiHfi £ ffi ill -f 5 c £ J&S/tJo ££lc, cs 

cosmic, sK^sa^-r^o ^iMfa«^to<o$^^^ffiii{ajj!JT 5 ^$!c<D§i<oi5««r^iig^ 
u -fls»c(i, ffigcoa$»c*tLTfigi5jfi6T'ft^o 0v n «s <o j& m u * #toA^^ta# 

88 * $ 5 C £ A< T' £ £ ^ «k ^ ft 7? £ X , ^ B$ 110 7 U - A ft T' £ IK tf) til A # (0 -t v Mc '<g 20 
[ 0 0 4 9 ] 

[10 6 2 ] M /Tx fig <D <g IC *i t> T , M S 3 0 0 l± M VdM ii] > X f- L IC *5 ^ T H S B S 

%**-Ft5, HSBSAO/nx^igiiftitiic, a-f (iggL, ^-exicDnA 

L jS: if ft tf ^ & * i> „ * L * AW * - 7 ;Hc ft £ £: . f.H * <d SE W tc ili #r ? ti 5 . 

§^7o-feXtCfct''T> C S i:U I M3 0 8 (i . 3L—*f£C S t OlfflO -t * a 'J x 7 V 
->X- -> 3 > (security assocl at lon)i: L T £ !ft T « IS §E (R K) lcrn|jS-r^„ 

fi£-3t, CSli, U I MK, R KT-^%it2 ftfzZ $ & Zmftmmzm®? Z £ ttfT' 2 
5c RKIi, U I M 3 0 8 ICfc^T, Wft £ L T Z ft ^ ^i^tlftU I MICJttti 
|T$5„ -rftt>%. &a-iflCliSft5RKA^JlT^n5c g^^D-bXfcttT'li, 30 

H s B s i;a-f 7^tx%^xii\ ±T'ia'</'cJ;otCx g^cQifc, a-Hffiit-ifx 

^r^LiitJo *Lii^<D7 , P-tXJC*5(/>T, CSIJU I M 3 0 8 Ic tt!7a - H + t X h 
/^•bXi (B AK) ©i*iSlt5, CSItMS 3 0OIC, »KU IM3 0 8 E, Ul 
M308 1CiaWRK^ffl(/>TBR^ft^nfcBAKOfiB*jMfl-r5o UIM308(i, RK 

*m^rzB§mtz ftfo*- 3 yfrbtwi-frit a k o (a * p? £ -r 5 c t a< t- 1 5 . b 

AKtiCSi^UiiAfc*a-1fcDy;l/-7'i:<Dlll|cD-l:*a'Jr-<7y->X-i/3>'J:LT 
(DWbife%%rcT c tSoT , CSliSKi&if^l-S/ctolC, U I M 3 0 8 l;fct>T. BAK 
fc^^^n^SKMtH (SK) tWlStlZ T - ^7o-F^Uht5« ^fC. UM3 
08ttSK4ME 3 0 6 K*t. , CSti, SK<9«frL^{fi£*L)£A,/c 

a - -9 s © M E ic % ^ ft IC HH Vn- f 5 c i: A^ T- $ 5 . 40 

[ 0 0 5 0 ] 

[10 6 3] K<r>M\t, aSg7'D-tx*PSfiici!>-N§ 0 a--»fA^^5ttfcCSlca^ 

UM 3 0 8 iCS (gliK-e-f) li-t + a 'J f 7 V 3 J'^flllt 5. T 
ftt5^. UlM308irCSIi^S5®RKiC|B]jg-r5 o RKIt^U 1 M 3 0 8 KH*Tft 
5„ Lfr L, a-f tf)gS!!©U I Mi&WtS^?., cn^CU I M«, CScOiSmicj^i: 
TPHtRK^ftfltSfriLnftl 1 . C<oai|lia--»fA^C SlC<t^^(}t*ni.7"P-K 
* + X h ^ -v * flic M« t ii ts t , S fc C± * L iA * <D mi IC S U « C k A^ T- * ^ . <H 

-(DC S!ifi!S037D-H*+Xhf ttw^lSltttSiiitfT-f 5o CSIi. n.--*f* 
f ^ X (0 * -v ^ /V IC tt L X l»J t R K «r tiU ili -3 1* 5 <fc -5 IC m «3 "T 5 C t A< T' # . 3: fc 14 , S 
^■^^;Hc^UTlS!-r-5«t3lca-tfl£:SjR-r^J;^lciSHR-r5C^A^-et. 43^013] 50 
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?5, a&ocsii. m c fisatfcttfflr s <t -5 khhr* s c £ * . ^cstcwur 
w * 5 r k * « u b ffi ?y * s £ 9 tc a* # -r 5 C £ T- $ 5 o 

[ 0 0 5 1 ] 

[1 064] :o'bta'jf-fry , /i-j'3y*iat5ftft0 2'3osa5't | j*tt 

„ (3 C P PCS^TffflStlS) ( A K A ) #i£*5i:tJF I Pse c(Cfc^T 

Sffl?n5^^^-*-y hSSH^ii (IKE) * a tr . t^fncLtt, uim^'J 

HSUMU3 1 4liA8tt"flfn5ifa*^tfc A K A 2f £ M 

AKASttlCtS^T, A SI li , U I M <fc M S ft T <^ 5 !B H # (TTP) K 
0*a?.nT^5fiSSt'fe5 : TTPttlOttlOlVf -ff •f*5**LTUl\ T 
T PI4-)Hlca--9'^B»*n*»ft*-»f^^a/W^t?a&*. CStTTPiO IS O 
f * T © ifiS U »i £ £ t? £> 0 . f U> C SBTT Ptf7D-H* + ^ Pt-CX'sO^iE 

7*-bx*3fciftb*^T?fc3S c £*£ttf*o a-* tffiSt 5 i: , CSliTTPlca 

- -9 s tr ;uc I* » -r 5 c a,t^« c t **ne>4*, a - -? 0 0 * <o 

ft SE % It % •? . TTPli, A SI £ R K * ft U T * ft tb <0 ( Bg 9 '\ v i/ a M ifc E Si ffil b ft 
) |!i] 8( £ fig )\\ f 5 t £ £> E , « ( R K I ) t li ft § 2 £ * £ f - # % m ill ? 5 

TTPti^^^^-V^-^^/M-T, C <D<fclSE|^{fc©MWtflcD-r-£ R K > RK 

°I * C S E »-f . C S 14 , RK I 5:MS 3 0 OlCgSo §S@!S 3 0 4 ii, R K I £ U I 
M308 EJKL*S6<* R K I *ME 3 0 6 K»t. U lM 3 0 8li, R K I £ > UI 
M**«;a--yhSUMU3 1 4 ClBfiS ftTI«»5 Allt A» 6 R K €§|-»t 5. R K Ji U 
]M^tyai»hSUMU31 4CEi«ft, ME306 EflS&<ft*&£ft&V>. ft 0 

© 31 fig <d Jfc *S ti , iKE>'^U:**ftti^©ft!!©#ii : £ffl^^R K ^ : ft' r;5 ° R K <i c 
SiU I M 3 0 8 kO"b*a U 3^X-3/ a y t tT«ifir *. 

[ 1 0 6 5 ] A K A * i* E 43 ^ T\ RKIiCS. U I M *J i tf T T P <D IIU T ® « * <7 * * 

So ^nii)^, cc-cara-ra^E, a k A*i£ii. cstuiMkoiot + a'Jf 

^7Vi/x-i/ 3 ^B. usjSR©$*ETTP*fttri:4:*fl«*-*-*. CSliTTPi:7n 

rv i/i-^a ^'sot t p«stB- t* 3 ')f -< astttf^*^. ± as b ft ■? e 

«iJU^^-^« MBM3 10fc«ttSnfc**lA#7**Xtt*«>UX* 
1c <fc 5 OT'fc •? . i^T, MWSftfci^tt»*>«EM»*ftfctf-£*^®:f 
£ «J fig K <T 5 o ME 3 0 6tt, SK (7o-F + 4rXb3>?> h*«9t*ft»Cttffl 
£ ft S $ l?l fH ) *** tf X h -y h , M E M 3 1 0 Ka31g-t So C S « S K«r3t 

WTSft^^c*b^^ft•i-^«ft»^^s«* + ^^ c ^ ^^L ^ ltn{^ * 6^c ' / ' oft ' LiiA ' 

fta--tf<0M E 3 0 6 A<C4>ffilBfr5 S K^.ltW^SC t* ( T'S/c4b, S K*,itV?f S 
fcfcfc,*!»**5ft*ffi«tttt«E*5C i:tt-e*ft<r*. CcOti^, *L&A,?*^:x- 
*f(DM E '4 0 6 t C <Dt,?ffifr t> S K «r 5t ^ T' t ft t {Kft? So SK©«ltt, C 

st SUMU3 1 4Ki0«S«ftitt«t*ffl^f SUPU3 1 6 IC *5 T 3t 13 b It 
tUffcfc*^. C S k S UMU 3 1 4 li. RKO«*«flt5tf. ga-fliRKtl^ 
B*Ott*StS. CStfRKOt^TOltffll'TSKMHtU C ft €> <D Bg if ft * 

nfc«a*»* b&/uft^--f KjSfi-r*icu:i*«# + »Tf4^. *»i<DHffiMSt-ft 

[10 6 6 ] WTORHIi, * b&*7n* **»«E3e«'r*. S4ftfflSKO»* 
fi4fil**filBt*ft»lc, CSIiai«K«a7a-H + ^F7nx« (BAK) 

% s in a n u i m 3 o 8 \c u jw w ea ft -r s . s*pa*c»lt, c s n . »ct5R k 

*JB^TBAR*«9ltL, BAK] ( B A K Iff $B ) i* tftl * 19 * . C S H . Wl5 
-T S B A K I Z)!Q\f i 3.-*f<VM S 3 0 0 KjSUtS. W * If . BAKU* § M S JC WtS 

rsRK*fflv>rng4tit^nfti p/^vi-iLtafltscttfTtf*. m*xm<om 
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m K. i8 V* T » B A K I 14 1 P S c c /< * y h T* & Z . Wl * % <D © !g IZ fc l> T , B A K I 
14 , ®iLTR K*ffl^TOfi§ftSnitB AK«-#tf 1 P S e c T- ifc 3> <, R K 14 a - +f « 

©SET-fc 5 o-e, csii, b a k fc&toAM* icHKi isitnif a t£o r, b 

AKIi, ;7a-F*vXh?-**/U&frLT&fa£ftfc^o M S 3 0 0 li B A K I * U I 
M 3 0 8 IC iS 1" „ S U PU 3 1 6«, SUMU3 1 4 KEfijnft R K Ol* ±tf B A K 
HD15I^TBAK%2tBt5, * IC , B A KOIIJ, S U M U l£ 32 tt £ n 3 . 0>J * 31 
SS «D 0 IS t£ fc T » BAK III, MS 3 O 0 IC B A K 1 % U I M 308lCiS-r«t3lC^^ 
L » tS <t tf U I M308KBAK I * Bg f} {t f 5 fc 46 IC R K £ fit: ffl "T £ 4 5 l£ ft "T £ -fe 
ta'Jf^^^-^yf'yn (SPI) S^tl. 
[ 0 0 5 4 ] 

[1 0 67] BAK£Hrr?£/-c46^mM«>Mfc*->S-^.j/K£ll$5C£fc<> C 
S B AK*^ft0A^'fW^tC^yi5IfiHCl-5(DlC + ^T-*5Ci:^^$4aSo ME 3 0 6 
14 , & H$ fig IC ft 0 , «S5;i^t 3 £ -9 IC ^ & S ftt ^ & «0 T' . U I M 3 0 8 li B A 
K5ME 3 0 6 tC||t*Sl4lS BAKIi, CS£HSBS^-fc:X(DjfllA£?)yH'-:/i: 

[ 0 0 5 5 ] 

[10 6 8] M T 0 8 « li » iSaLft^Ljift^ntXlcSl^TKO.k^CS K*S!li 
ftSfrlCO^TM;^** BAK£MT£fc£cO&KfllllJfilC:fcV^T, S Ktf^n-K + t 

xhf- + ^;i/icE^sn?)S)Wiia<o[i8PgA^*&sn5o s k # b a k t s k i *>5&£t* 

IC , 2O<0ffiSKtSKI (SKltt*)*»***fci&fcCSIi 
ffl IT & <> 0J * I4\ S K I ti, atlt, BAK^rffll/^cSKcOBg^r-fctimSolPJTr:^^ 
<0 JB » K ft ^ T , SRIli, itlTB AK^ffl^TSS^ititlSS K5:ttf I P S e c 
/<y»H?*5. **^tt. SKtt, 7 n «y * S K I tS J: Zf B A K <D til ti D,1 /\ >y a 

[ 0 0 5 6 ] 

[ 1 0 6 9 ] S K 1 <D h £ SB % 14 -> i»J T t 5 A» t n 4 ^ o (M * If , S K I <D - SB 14 . C 

<d s k i *Mf ^ t * f * -f a * Y a p.¥ mi 5 tt * f 5 C T' t * , S K I.AWSfl; 

T'fcS, C © W # tt » 7D-K*tXht-tXO-»i:LtMS 3 0 0i:2ISSn5^ 
® 14 4 V o S K I ©SO f^S. S K I _ B 14 -T' $1 f 5 C £ ft X' t 4 ^ . S K I _ B 14 , 
7 p_ H 4: + Xh-9--trX0-SPi:LTMS 30 0 IC & If £ ft 5 2S # 4 ^ <> MS 30 0 
SSK l_A*4tfSK l_B!i>&SK l«Bffl!SL. S K 1 tU I ME«8t5. SK 
IliU IM 3 0 8rtT'fll«l6LTt,4l\ SK lOitt. SRU^S K CJtlTJSU 
It ft If & £ * ^ o Mot, SKl_A«J*tf/*fc«SKI_Btt«fU^SK*8tWr* 
t2£HLfcttftlf&e.fcl>o C SI4S K l_Bt7B-F*tXha«OftftEB SIC 
B S 14 , 7>7^30 2ic<fc0&a}£ft*, S U_B»7b- Htt^H, * 
fr? I"l B 3 0 4 C»t. SU0»3O4li, S K 1 _ B % M S 3 0 0 IC ft * L , M S 3 0 14 
SKl*»««t5. HS 3 0 0liSKl*UIM 3 0 8 ttt»l, UIM308I4, S 
U M U 3 1 4 IC ,12 IS £ ft tz B A K * til V T S K % Ut » * S . * K , S K 14 , U I M 3 0 8 
tCi»3ME306IC«|&$ft5„ ME306I4, SK*^nH/-^-^, ME 
M 3 1 0 IC ilBtS-T S . M F. 3 0 6 14 . S RtlD^T C S 4«6«fi Lft^n- H*t X hiS 

li ^ 81 ^ 1" * o 
[ 0 0 5 7 ] 

[ l 0 7 0 ] 0J jj* 31 fifi <D S fl§ *S </> T , S K I I4*fc, SKI*U1M 308 IC iS "T * ■? 
ICMS300ICiS?lffL. SK I *S91-« B A K SffiliiT 5 4 ? K U 1M308IC 

«j^t5t*iUf^?7^-Nyf^n (SPI) ^r^tTo ffi§®^> UIM30 
8I4. SK^MESOeiCiSb. ME 3 0 6 BSKS(H^T7"O-H*tXh3yf >h 

* U •>} T % o 

[0 0 5 8 ] 

[ l 0 7 l ] CStBSliS K l_B*^g*n5tS<0*5li f Pl^jSf S, C S (4 S 
K*SiS?lc^S-r?.Ci;lc4:t). £S K IC fc It 5 B ^ <0 ^ ^ W fiiii ffl ^ 15 M U ^ ^ t> L ft 
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ft V* „ C <D ti'J U K *3 l> T , S K 1 _ B t - 2 Z m >M L ft t -p <Ji! "A (i . f'J /II "I fig ft tf* 
te^ffiiSft-r^CilcWL-C^^^X^n-So S K I _B li> 7o-F + tX^v*A 
W ft <D f- + * ;KC O -T -5 C i: # T- £ 3 o a-f-tf7n - K^t X t*;Kc r Ifl M 
J tSi:. § <i m ¥8 !i . r i&J m * + * A> J *» £ 7 a - K * -v X h ¥• •* * ;U % M o it 3 13 $8 
£ t# 3 <, a--*f-^7a — K * + X h- -V 3wU tc C |fs| j t 5tf « ifiaiftZi'-tX^rnl 
fig lc 1" 3 c £ §3 i: L l^fr t> L ft ft ^ 0 C ft fi . ME 30 6 ^5@miKJtcS K I ^ri#SCi: 
£ i: T 5 0 ME 3 0 6tttTCS K I.ASftoTl^-eSS^tftift.. BSli, 
SKI_B*!9mHluME3OO(Cttttbfti**(fft&&i> s 0!|X.(2. BS«, (7a- 

K** X Mi3$8£ JtottS ft46cDtfJ$B £ ttK) M ffll ^ * * ;U c M K S K I B j&l fit 

5 C i A' T $ , Sfttt. 7n-K + irXhf t^/HC«i5i?t;S K I _ B * i^S t 5 C t A 1 10 

B StfS K I _BOl*Ltf Ltf ry 7Uf '/aj ttltftifi. MS 3 0 0 It 
7a-H+tX|-y 7-b-->'4 7^tXt5;i:/)'fS5. fe*»?lCt!«^lcSK 1_B 

ft ft ^ SI CO W 4K W * /II L T t J: ^ <0 T* » S K I _ B f- * £ U 7 U y -> a T 5 SS5 <H tt . 
?JfflBJfigft?»f«iJS*gjiSffr5Ci:tcWUTA^>X^ft5c 

[ 0 0 5 9 ] 

[1 0 7 2] C <D £3 jg li , 7'a-K*^Xh3>x>K0^^-fcj2§fUtO^Ta>^'5o C 
S fi Si ft co S K4ffl^t7n - F*tX Favr^ h £ Bg *f ft "T £ <, 0J*Hfi&<OM{i7 
M^X r- X > £ V 7 -> a >X3f>^"- K (Advanced Encryption Standard) ( A E S ) Hg 

D XAeO<fc 9 ftBg^ftT^rf U XA£$fflTSo »G> »J6 fc * ^ T , Bg ^ 20 

ft £ ft ft ft g ti , X>*y->aU--rW>y-b*aUx-f^'l'0-K (ESP) 8 & - 
K ft Vt o T , I P s e c H >r v h K. J: *) M 1$ ft 3 . IPsec/^vHi, SI3U7D 
- V * * X h ? y r y h Z 9m ? Z K tt> IC , 5i £ <0 S K £ ffiJIJ T 5 <fc M E 3 0 6 tC ft 
^t5SP Iffl t> ^ t? o 8g ^ ft 2 ft ft =i y t > Mi . 7o-F*vXhft*;^/MT 
i£ £ ft 3 = 

[ 0 0 6 0 ) 

[1073] § {.MSI fg 3 0 4 li , R K I tiiOfB A K I ?:i}gU I M 3 0 8 Kmj&t5 0 
2 £K . § fl [el HS ti , S K 1 £ f# S ft 46 lc , SKI_Atia^5ftl2>MS300cOjai^ft 
J?|5»lCSKI_B«rfJt*&-r?. 0 S K I ti . MS 3 0 0 ONlt Si^lC J: {) U [ U3 0 8 

U I M 3 0 8 H , RKI*}«tr/ASI^€)RK*ft35L. R K^ffl^TBA 30 
K I £ & % L T , BAK^IRSL. S K I 6 iff B A K tffll'T S R tttJIU. ME30 
6tC<fc0ffiffi-f.5ft46cDSK£?8£t3 o ME 3 0 6 B, SK£#l^-C:/D-F*-vXr- 
3>f>F*i?t5„ #J^3lfiScDfl*<§£>UlM3 0 8li. 7d - t X h a h 
£U7/l'*^Atcm^*5 + #ftflg7Jtfftv'><DT', * ft ti> A. SKt*ra-K* + Xh3 
yy-y Y % ®m % tz #> \Z . ME 3 0 6lCia^ftS<, 

[ 0 0 6 1 ] 

[ i o 7 4] m 5 itm^mm^Bm^vtomR k , b a k *> <t a? s k <omm tmmzmm 

t5, mmt % £ o IC. MS 3 0 0liRKU§til, ^ft«rUIM308 tCj)fi-r„ SU 
P U 3 1 6I1RK I feiff ASI^ffl^t R Ki&ttBL, RK*U IM ^t'JXhb-i/* 
SUMU3 1 4Kfijfit5, MS 3 0 0 8, U I M 3 0 8 iC Vtfi ft R K fft €r ffl l> T Og ij- ft 40 
JnftBAK?rttfBAK I SrjSnWMlCgfi Bg^fb^ftfcBAK I ti, S UPU3 

1 6i:i!5i§$nBAK?rff£T5. BAKtiU I M^U X H/-->'S UMU 3 1 4 
»CteiS$ft5o MS 3 0 OliJ?»l:@llli(fii: S K I _Bt§@t3. SKI_B(iSKI 
_Afc*g^b. S K I 4ffiKt5o SUPU3 1 6HlS K I «J:ff B A KfrgS KtftS 
t5 5 S K«7D-K*tXh3^T>h5iatt5fcl!)i:ME 3 0 6t;«J&jn5 0 

[ 0 0 6 2 ] 

[10 7 5 ] 0»J S fig <0 IB fig tc $S (,> T . C S tt fi , £ f L Bg J=J- ft $ ft , M S 1C iM (,i ^ ft 

s £> s « ft o c s n ft *> t> co 7j m z m m l x t a ^ . & m s tc ® -r 5 fc 46 k c s * 

0 58 £ £ ft ft M ffi ti . M S *t SE % ,tt 17 t 5 O tc + ^ ft ti'i fS (tt «g "T 5 . I 6 co -> X f i, 
350lCl3fl?-r5<):9fi:, RKiiCSICiOISS^ftSft^ RKtS$fl (RK I) «MS1C 50 
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[ 1 0 7 6 ] R K = d 1 (A -g|. R K I ) (3) 

[i 077] m*nm<0B®\ci$^T, w&d ltta^*^©™**^** 

«»«fc*ti*f, RKiitaT©*9ic»je*n« gt *° ** 

[ 0 0 6 4 ] 

[ 1 0 7 8 ] R K = S H A ' (A-«) || R K I ) (4) 
C i*Jii- r !l? % A ~* iRK I**^,J« MtSU SHA' (X) B 

[0065] ° 

[10 8 0 ] R K = A E S (A-a, R K I ) (5) 

[10 8 1] AES (X. Y) It, 1 2 8 kf v h A-«*ffl^ft 1 2 8 If <y h 7 a y * R 

,^.^{<-J;»)^g?n5AMFi:SQNe!)jiStJ33S : fi^.-g-t r 
[ 0 0 6 6 ] 

[ 1 0 8 2 ] RKOa45ffttt*aftOi-lfli, B A K © R U « % %\ % * * © V 

b a k c sttB AK*tta-r*ftJ6K^*»ft«am*«H 

LTU ^' ^14^5. «f^OU I M 3 0 8 KflflH!** B A K I ©fifitt, U I M 3 0 
8k.Ma**eW©RKteS-3t>TBAK©M-efttttttf4&fc^ 0 S U P U 3 1 6 I* 

wT©3fcfs^d 2©5^A/«<-Dtf6nft»iacaeoT, s umu 3 1 4 *r k aa a * n 

[ 0 0 6 7 ] 

[1 083] B A K = d 2 (BAKI, RK) (9) 

[ 1 0 8 4 ] ttfc»>©**0a||t*,,> T , C SttRK*flH*TB AKlcMro-fex* 
Ifflt5UIC±t)BAK I fcft* U SUPU3 1 6 tt R K^ffl^t B A K I K B& ^ ft 
70tX«ifflt«CJ:icj:!)BAK€S« 0 Cft«, CStfBAK««fftU SUP 
U3 1 6i'BAK I^S^tSOtliT^Stf^^s, ft 9 <D H jfc © a§ ft 0 

6CH«-rsa©a#*K*p*T*fctta©ad*©ftt>»)K. ^*>%sa©a©iai-a: 
t aa*- s c t t So 

[ 0 0 6 8 ] 

[ 1 0 8 5 ] SKIiRK K»T**ffifc Haft2fS;?JK I) jftfen*. fit ft 0 S K I ft S 
KI_A*5«tt5SKI_B (SK[_BttCS*»6MSlcaffl*n*ffl«T**) 6 » 

d 3 ©^/l/ffftttfcftfcffijgOiHiRfcffl^T, ttT«aE«,T SKI* 
itf (S UMU 3 1 4EI2i^n5) B AK?iit5. 
[ 0 0 6 9 ] 

[ 1 0 8 6] SK = d3 (BAK, SKI) (6) 

[1 0 8 7 ] fc^-r, M«d3tta^*-r:rtDija»*ssars. aaaa 

©Micfc^T, s K ttWTOJ: 3 tcltW^nSo 

[ 0 0 7 0 ] 

[ 1 0 8 8] SK = SHA (BAKISK!) (7) 

[0 0 7 1 1 ^ *®**®a«Kfc^T, S K tiWT<D <fc 9 IcgtSSftS. 

[ 1 0 9 0] SK = AES (BAK, SKI) (8) 

A-7DC0MJn5 o iTAinfyy^OZICfeV^T, ifflAI^CS taa*£*r 
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5M7o-tX4 0 0£iaf}?t£ I > X r 7 7 4 0 4 »C & tt £ <? & ti , U I M t£ 0 ft <0 R K 
Zi&t&t 5. U I M fi , Xf77'4 0 eicti^t, (SUMU) 
tC R K % IS tS * * o SI 7 B li C S i: M S fc <D li'J <D /jn A ft «? £ 0 ft? f 5 . X x 7 7" 4 2 2 IC 
^ T , CSli, B A K Hfj fli] T I K B A K 4SSt So BAKttBAKJHBBTlonilfW 
T* fc 9 . B A KSafflWlCSIiiilS. Xf •y?'') 2 4 Ctit,>T, CSS, BAKWRU 
T lOMU I MK7P-H*tXh3>f>h (BC) fcT^-bX-fSftlifc^ASo X 
7-7^ 4 2 6ICfc'^t, C S«, &finA£0">fti6cD&{"g>!r<DRK£fflt , TBAK£BJi*|{t 
1" 5 o Pg ft $ ft ft B A K « B A K I fc H t£ ft 3 0 * tC, C S «7f 7 y 4 2 8 iCfc^T 
BAKIfcUIMlcaHSTS. U I Mli, Xf 7^4 3 0 Kfe^T« B A K I 4SiaL, 

r K^ffl^-ca^fc^T-fSo $ s ft ft b a k i mitt?§4snfcB a k & & d * 10 

o U I MttXf 7^ 4 3 2ICfi^T. BAK*SUMUCfflfflt5. *C, U I M li , 7 
n - K + + X h-t -y -> a > * (,1 L , Bff f| ft: «£ ft ft 7 n - H * + X h (BBC) <D ft! 
BAK*2Sffl-T5ili:(i:<tt» B Ct7^-tXT5: ttfftS. 
[ 0 0 7 2 ] 

[1 092] 87CS, 7D-K* + xh-9--trx*-9-#-h-rs M&iifi iS X -T A K *5 
i> t\ -b*aUT-rHftJ}fb<Dft4i)(0gE«:ailli-r5^j4«rBIfi?-r5 o C©SSa07 FACj- 
jLe>nft#IMfi6T£o B A K tiHHRfi T 1 £ £ U JafflffHcSiSrSft-S,, t 1 fi 

B A K ft* £ S MS ft. T 1 T- 2 <f 1x7 t> V t S K _ R A N D fc «f If tl 5 

S K £ 3t ® £ ft & K g & {£ ffl £ ft 5 S K R A N D ti Hfl R8 T 2%^UTC0»}W{<:S 

*?r £ ft 5 „ Hv-t 2li, S K_RANDi^|Stl5tBltefn« T 2 K 43 ^ T £ -f 20 
ix7Ht5„ - 31 fig <Q E flg IC fc T , S K Ji , T3<0«HH8*WLT^Wj^ItCSSfi 

sns. MT-t3ii, gsKA^s^nst, mitts n, T37Ni7nt5, 

S K_R ANDtt, C S T'ftlE* ft> M )W ft IC M S IC fit £ £ ft 5 . W T tc # fffl (C £ «tiK T % 

<fc •? K , M S i C S « S K RAND^ffl^TS K £ 58 <E f £ „ 

[ 0 0 7 3 ] 

[1 093] Sgl<D*W?-l 1 li, BAKcDJSfflT'*5<Btf£fi<5:ft*fc, 'Jt7hJ 
ft 5 „ 2 O © B A K Si Ifi RS) <£> B* Ull OS?liB A K ill *r )W III) T* fc 5 , 0J * *J$ fig <D B t& IC fc 
X , BAKtDggrWBJItiiy^T'fcSo L L ft £ , ftfc>»)<D$|fit§©MW, ->Xf A 

co © a ft fj ft tc 33 is s ft -a ^ ft 5 »j lai s ft a , en ^ o -> x r i» s ^ * iiS s -r s ft ^ ic s 

S£ft£l>frft£»iRS£fc3?J®1-SCfc#T'£So 30 
[ 0 0 7 4 ] 

[1 094] 07 C^iltit, j£ 4 4 0 ti , Xf 7 7*4 4 2tfe^T, 2 
$^z->t7^XU SK_REGWJIHlT2£l J »1i!&f£ 0 C S tt S K _ R A N D 5 L 
, 77 4 4 4 ic fc ^ T . ^XTAC^Icl^t, & ft <D ft i6 K )M (3 0 S8 lc fil £ 
Ifif&t5„ J-f7-t 3ttXf 7 7*4 4 6 C6^T'f-5't7^X?tl. S K KH R3 T 3 £ 
IS) & "f 5 c * IC . CSli, Xf774 4 8CtS^T, 3i ft <D S K * fIJ ^ T B C * Bg FJ ft * 
So BS ^ ft £ ft ft m « E B C T- fc 0 , C S li ^ X f- A ft O 33 ft <0 ft £ IC 3g <3 li Sg K E B 
C & {« & 1" 5 c flMOLlB 4 5 0 E6^T>'1'7 - t 2*«iSTr«45, ft?i!li, X r 7 
7° 4 4 2 iC^5„ t 2 (i T 2 <fc 9 fc 'h S VU* ft H fc % £J W O- L 4 5 2 tC fc T , * -Y v 

- t 3 ft' ft 7 f 5 ft 5 . MPJ!(iXf7 7 4 4 6 K ;^ 0 , o X ft ft If > ftPl! ti 4 5 0 1; 40 

% S o 

[ 0 0 7 5 ] 

[1 09 5] i7 DB7n - H*tXHt-lfXi5:77-tX'r5M S©|lj^i&I^t5o 
?3ffi460ti,^»Jti:. X-r-y7 , 4 62ICj3^T, ^YV-t2*J«fcO : t3*CSICtitt 
SM^iajflH^-lirSo Xf774 6 4Eti^T, MScDU I M(i, C S l£ £ +1 ft S 

K_RAND*§it5. XT7 74 6 6lCfcl>t, U I M « , S K RAND, BAK 

, ts J: IS B.¥ irvj ifiij '/U ¥i % ilJ ^ T S K * ft & * 5 . U I Mil, S K * M S <D M E iJflE -f . ^ fc 
, Xf 77 4 6 8IC6^T, U I M li , SK^ffl^TSfg'LftEBC^ftf^t. titt 
OBC«»lilt5. XT774 7 OES^T, Mv-i 2tf»S7t5i, ft ?l! X r 7 
74 6 2 ICR^ 0 ?Y?-t 2 I* T 2 £ 9 'h 2 kM* ft £ . Xf 774 7 2tCfe^T. ^ 50 
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-<V-t3#fS7T£&e>, X r y 7* 4 7 4 l£ 33 ^ T , ^7- i 3 *Wi->t7l'Xf 
ft , 4 6 6 (CIS. 
[ 0 0 7 6 ] 

[1 096] &£©BAKM«fllffll;:, 3.--9--^-7a-K*+7.h-9--trx5r*LiAt?i: 
, C S 14 ( R K T'0g^(t?ftfc B A K ICWlSI"*) I^l%^8jR A K I*&m?3 0 C ft 
14 , - m tc , B A K M #r W (K) <D Bfl % hu l£ , IftttCO B A KSUfflBICM S fliJB«K7n 
- K * + X h * + * ;HC |e] $ -f 3 £ t , it*. :nii. a40MWK£?T. MSJ/i 
14 C S 1C «fc 0 W ft f 5 C t T* £ 5 o «!S«BAK I * |3J B» 1£ & (3 L £ % L T *> <k V*. 

[ 0 0 7 7 ] 

[i 097] s st -r ^ t « , b a k s Di m fig <d ^ 7 # m t & o tz t § , *©bakm«w 10 

IHJ fc M S * t ii A, fc H P, , MSliC S6^!llliinfcBAK*g*t5Li!!) ! T'n.iS 
T' 2? 5 o ft ft 0 <9 J$8 IE fl iC tS t> T , & #J <D * ^ V - i 1 liC St±f)fffl?n, 2 -f 
v - (a $ 7 B$ tc , "T & to 5 , BAKS*fT#!fB]tf8S£2ftfci;t, C S 14 B A K * iM {3 T 5 

o 

[ 0 0 7 8 ] 

[10 9 8 ] §f & ? « t 14 . B A K iG rr )HJ I/1HC a - if # B A K £ § U T -5 C £ # 51 ft& ? & 

»k coti^, 01*. if , bakes? tf^fcic^ ft £ft*fc£, Au a # t4 , awwr-y- 

\Z*\ZtoX?Zt^*> &T-h%o ^ S tC . 1" ^ T <D iO A £ # - 1$ [C g 8f <* ft * 4: 9 1C , B 
A K <S St fc 4: If S Kg»r<Qfc&<D}!8rai4ffim£-e£;:i:tfT'S£ 0 

[ 0 0 7 9 ] 20 

[ 1 0 9 9] 0 8 A 14, m*nm<D%m\z'iS£r>X , MM{l^XxAtc*sttSSIS7 p n-tr 
X % 13 ft? T 5 „ 05502(4, & fol A # , "T & to 5 , MS5 1 2 i:2?H, SIORK? 
Jjn A # <D & ^ 1C 58 £ T 3 o R Kli^MSWU I M(^OS UMUa - 7 KcmfS?n-5. a 
W? Z&oiC, C S 5 0 2 ti, UIM, 5 I 2|^©SUMU, 5 1 0 1C ,12 $ £ ft £ 
RK, *5e3£-rSo M $ 1C , C S 5 0 2 14 , rJtfnU IM 2 522rt£>SUMU 2 
520*54: U 1 M N 53 2|*9<DSUMU N 5 3 0 IC j?2 tS £ ft -5 R K 2 *5 4: Xf R K „ 

[ 0 0 8 0 ] 

[1 100] 08 Bli, >>Xf OOrtOi)ilE*^DtX*0S?t5 o CS502(4 
$e>»C^I!t^X>3-^504%^tf„ l^3-^5 0 4OM(i, BlORKsOl? 30 
i: , C S 5 0 2 KtS^X ftfc B h KfaZg^tZo SlV3-? 5 0 4 <D W T^J 14 , 

t$ IC Jni A « <D fc *6 l£ ft *t ft S ft B A K ItfeS, BAK I (4. U I M, 5 1 2 O 4 ? 
ftftMSOU IMK6l>TSSihS. SU 1MB, UIM, 5 1 20SUP I , 5 
1 464tf S UMU, 5 1 0©J;a%SUPUiSUMU?:&tf„ S UPUtt, UIM 
cORK<DSIffllC4.')BAK£i5£f5'r=i-#5 1 6 <D 4: ? & 7* n - ? * # t? . Z. <D~f u 

•b X (4 & *n A « K fc ^ T S U t ft 5 o 
[ 0 0 8 1 ] 

[1 10 1] if PI! *5 4: If iUSr 14 , 0 8 C 1C El ft? $ ft 5 . H8 CKfe^T. C S 14 S K _ 

RANDOM £5g£-T5fci61c|i8»508:£?iJffl-f.5o SK RAND (4. SK^Itlt 

£ £ «> 1C , C S ti 4 t>* M S \C 4 0 {$ ffl £ ft 5 ff SB ft fifi T* 35 3 . 1C . IJD St 5 0 8 14 B A K 40 

m. S K RAND, *54:t>*B|RaM£fiJffl-t-5 0 08 ClCBJft?-rS^rt6(DJg!g(4, l^O 

S K^Sfr-r^A^i^^-rsfctolc^Y^-^liJffl-rsitftift, ^fet>(D^S!so}fJf6t4 
, ^»}W^3iSr*4^S/ii6<0^ftt?Oi»ISM, fiSJx.14, x 5 - S 14 fl!! <0 -Y ^ > h <D H 
Si^fiifflLTti^c CS14. SK_RAND«j!)nA#«oa-''-?lC{tt$SL» COlg^-, ^-U 

1 m m -r § ia & 5 i 8 14 , c s <d imi » 5 o 8 1 m c ia a «r n m t s . isa a 5 1 8 t4 , 

S K RAND, BAK, fcitf^-rv-fjfilClSfjgL, ME, 5 4 0 <0 M E M , 54 

2 <D J; ^ & M E fH<D * Z U a y - -> 3 >!Cil2tS$ ftS S K^^E^-TS., 
[ 0 0 8 2 ] 

[1 102] EI8D14, S^*i4:tf*Lji^<Offe©BC(OSai , l!*0W-r5o CS502 14 
, SawSKi&ffl^tBC^U^ItL, E BC%%tt5l>3-^5 6 O^StJo ^ tC 50 
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> e b c ti „ in A # tc iM ® £ n * . s m s »i » s ksiiiv^te b c*sb c*ifljtsi 

> 3 - # 5 4 4<D£r>%x.>u-tf%-gtS 0 
[ 0 0 8 3 ] 

[1 10 3] COKllili, -#fa©7n-K* + Xh-9--trx;&-9-*- h f 5 fin m M iS > 

x t l <d m <d m m ic m l x e m l ft tt n £ t, , ± t-m^ ft % it n m ts <t if mm m 

14 , S5>IC, ^ ^ ^ * + X h # ^ 7* 7 p - K * + X h X x A £ # t? co x - £ ffl if ^ X 
ri»tCiiffi5I^T-£5 0 ^ e> tc , C co $g W J4 , S £ T- f> -^ ;?wl/ £ /M, T , 2c £ & tt ft! 

C 0 0 8 4 ] 10 

[1 10 4] 1ff«fe«fctffiiJWU 1^3 5, fi ffi *3 J: IS & & cO ^ r ft fr* ffl l> T 

arc 5 c t *S3S#tt?y»?-r s. wm*, ± as <o ,e .1 <o ± i* tc m? x&mlx 

4; ^ x - * . fir^, nv>K, tff&K f§*f« If -y h , , *i J: tf 7- y 7 s (4 ft fij ic , ftt 

ffi, nm.. vuottt. mn. isa?. sft^ft^co^-f ftfrco*H£ 

C 0 0 8 5 ] 

[1 1 0 5] Ma £#14 £ p> IC, C C (c (HI;* L fc §1 J5SS «0 fl? !g tc 155] j§ L TiBiS t ft ffl^ <D%m 
t tz £ m M 7" p v 7 , * •>* a - ;l/ . @ K} , J; 7 ;l/ rf U X A X r v 7 (4 . ffi ? m - K 9 

•5 0 c com- K 7X7 t V 7 h 7X7co5«51t^nflHgt ; : ^B^-r § fti6tc, ?i 4 to SI 0ij t & 20 

sgpa, ?D7^ *s?a-jk iem, *5 «t tfx-r -y 7'/)^-^{c ?n s to «i ftg it <o Si * ^ 

6 ± tc 3S IS £ ft ft „ *<0 J: •? £M14/jWn- K >>x7 $ ft 14 V 7 h>>x7i:l,TM;*ft 

5 f4 & CO 7 7" U * - •> 3 y *> «k £ <* <0 •> X r A K ,21! £ ft ft ,15 3+ »j m \C tfc # "f 5 . 

6 il L ft 88 A t4 , SHS(D7/ijy-ya ^ «C ft L T IB ili!! L ft $ g L ft £ & T* ?«l 
Its: *-<04:?&£fiteco¥iJWil4, C co 58 BJ] co M * & IK -f 3 i co i: I, T 

[ 0 0 8 6 ] 

[1 10 6] C C tc F«1 ^ ^ n ft n fig CO lie [Ml jfi L T IB 48 2 ft ft ffl 4? CO ^ tF!l t & £ & II 7" 
Q'yf, * a. - >l , t? J: t5 [si ^ 14 , rH ffl 7° a -t -y V . fy'^bv?t)Vyat7* ( D 
SP) , It^ra^lfel^mffllBlSS (AS I C) „ 7Y-;l'K7'D^5v7^y-l-7U'r ( 30 
FPGA) $ ftt4ffic07'n y-5 V7;l/^{1S(!3, r X ^ V - h V - V $ ft 14 1> => > 'J X 
^ □ V <y ^ , r -c X 7 <J - h m - K 7 x 7 n > if, - * > h v $ ft (4 C C }c 12 38 L ft ® m * 

% ft t z x o ic m. ,!t ? ft ft i> -f ft ^ <o m % * * ffl i> t ^ fifi t ft t4 ?i if -r & c t t * . 

iflffl7 , u-b«y9-{4. v-Y7n7P-b<y<f??$>-Dr«J;t>^, JJiJ<0?jt£T'14, 7 > a-b-y-9-(4, 
t^rft^<0-)aW*7 , n-b>y 1 t, 3yhn-7, v-<^an>hD--7, $ft(4Xx-h 
?yyT$^til\ 7" p Hi "y it (4 S ft , at TJ & IW <0 «1 ^ i: L T t 'Ji fits T' S 5 . 0!l A {4* 
. DSPiv^i'D7'Dt'?t©l^tf < Jga<OV^7P7 > P-tr-y9", DS P37tB* 
tft 1 oJ.X±cOv^7P7 , P*-y^Sftl4l^ft^<Ofl!jco^(04:^ftffij«i:tT'i5fi!S-r5 
C H T t 5 . 

[ 0 0 8 7 ] 40 

[i 107] c c \cr$* z ft rcnm<o mmicmm i, x mmz t\tz * & t rz & 7 >i 3 v x h 

(4 » n-H'JiTCfe^T, 7 p -b -y ^ ic X 0 SI * ft 5 V 7 l~ 7 x 7 t x a. - ;Kc *5 
T , S ft (4 ffi # <0 1® £ # tc X K « Pi ffl ft f 5 C i: ft X' t 5 . V 7 b 7 x 7 * 5? ^ - )\> 
J4, RAM^tU, 77yya^t'J, ROM^t'J, EPROM/t'J, EEPROM 
jt^U, U->*X?. A-FfU>, flttfflBJflg-r-i'X^, CD-ROM, Sft(4ttffiWlC 

ae.ftT^5^ofibcot^n^<oiB<g(0 2Biaj«(*icr?it-r5ci;^T-t5o ^i^gBts(«<* 

{4 x 7* p -tr -y * t£ « fee ^ ft & . * «0 «fc 3 * 7* p -fe -y * t4 ,IB t§ (* A»^> tfi ft! £ # Hi U . B 
tta»Kffll**»#atri: fc««T-*5. 8iJ co 75 ffi T (4 % ,13 tS &K f* t4 » 7 p -b -y * fc ^ « ^ 
fi£T'&5c 7 > P-b-y-9-i: 1 iatiS!i«i*{4ASlClc/faLTt<J:i^o ASIC(4rL--y r SS*tC 
^ltLTUl\ »J «0 75 ffi T- (4 . 7 p -t y * i: IB IS 5K 1* 14 ^ - If ifS * ^ « -f X ^ U - h 50 
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[02] [1 0 1 6] 0 2 ti, ^SiDa-f^t'l!- l-tSX^i' h^A&lftilMi^Xf 
A <D 0 T* 5 o 

[03] [1 0 1 7] l83tt:7n-F* + Xh2&{a*tf#-l-*Sjflies>Z^A(D7oy 

f 0 1? h 5 . 

[04] [i o i 8] mm m fa -> x r & e st* z&mm<Dzm ? ^ mv & z . 20 

[05] [1 0 1 9] 0 5 ti . ^n-K + -^Xhr^-bX?r«ffll-r?>fci6tcf$ffl^n5^ 

#J )S ft ^ M H £ 32 © T £ * -r ;l/ T- £ -S „ 
[06] [ 1 0 2 0 ] 0 6 It U 1 M ft <D Hg f| ® ft * £ « f 3 * r * T' <fc 5 0 
[07 A] [1 0 2 1] 07 A ti 7 n - F * * X h iM fg £ 1)- # - h T 5 Mii ^ X f- A 

icfci^T. -tr* a 'J f-f BfSlJftfc'Ji SS6^ £ # it* MM? -5, 

[07 B] [1 0 2 1] 07 B<irn-K^^XK^fI«r-9-*-hr5Sftl«ji!ifS^Xf-A 
tc 43 ^ T , -tr * i 'J r b/5 s; ft £ 'M SS * Z ~H i£ £ 0 m ? £ . 

[07 C] [1 0 2 1] 07 Ctt7n-H*f XhiSffl«:t*-|-t5i^Mi/Xf A 
icts^r, -fc*a 0 -r Bg^ftSrUlSfcf *#i££08?-f 

[07D] [102 1] 07 D«7n-K* + XhiSffl*U'*-ht5iS8I®'>Zf L 30 
lc:fc^T, -b*aUx'CBg^ft%^«t-r5^i£^08?-r^ o 

[07 e] [i o 2 2] 07 e a? n- v * * z h &m*v h -r z&mmmis XT L. 

ic *5 1> T . -t*i«J'T'<'*yv3>cogtSST«3R8O^-i'5>'^0T'«)5 1 , 

[08A] [1023] 0 8 A « 7 n - F * Y X h & ft £ ^ # - h ^ S Miffi (3 -> X r A 

icts^T % -b^i Uf -r Bg g f 1 7? r£ <D 7 :/ l) y - s/ 3 > £ 0 ft? t £ „ 

[08B] [1 023] 0 8 B ii 7n - F* * X h & f3£^ * - I- ^ S.MiiMt :> X r A 

ICfcl^T. ■b*aU-r-i'Bg%ft^j£(D77 B U'>--->3>^0fl?-rS o 

[ 0 8 C ] [1 0 2 3 ] 0 8 C It 7 n - K * -V X h & Q £ V X - h f % M SSl W (J ~> X t A 

[ 0 8 D ] [ 1 0 2 3 ] 0 8 D Ji 7 D - F * + X h ig {3 * — h T 3 JRt ®3iMi X x A 40 
(Cti^T, -t * a •J-rYBg#ft?3ii<0T7 , 'J ^ - > 3 > £ 0 ft? IT * „ 
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METHOD AND APPARATUS FOR SECURITY IN A DATA 
PROCESSING SYSTEM 

BACKGROUND 

Claim of Priority under 35 U.S.C. §120 

[1001 J The present Application tor Patent claims priority of U.S. Provisional 
Application No. 60/279.97O, filed March 28,2001. assigned to the assignee 
hereof and hereby expressly Incorporated by reference herein. 

Reference to Co-Pending Applications for Patent 

[1002] The present invention is related to the following Applcations for 

Patent in the U.S. Patent & Trademark Office: 

■METHOD AND APPARATUS FOR OVERHEAD MESSAGING IN A 
WIRELESS COMMUNICATION SYSTEM" by Nikolai Leung, having 
Attorney Docket No. 010439. filed cortairrentty herewith and assigned 
to the assignee hereof, and when Is expressly Incorporated by 
reference herein; 

•METHOD AND APPARATUS FOR OUT-OF-BAND TRANSMISSION OF 
BROADCAST SERVICE OPTION IN A WIRELESS COMMUNICATION 
SYSTEM* by Nikolai Leung, having Attorney Docket No. 010437, filed 
concurrently herewith and assigned to the assignee hereof, and which 
is expressly incorporated by reference heroin; 

"METHOD AND APPARATUS FOR BROADCAST SIGNALING IN A 
WIRELESS COMMUNICATION SYSTEM" by Nikolai Leong, having 
Attorney Docket No. 010438, died concurrently herewith and assigned 
to the assignee hereof, and which is expressly incorporated by 
reference herein; 

•METHOD AND APPARATUS FOR TRANSMISSION FRAMING IN A 
WIRELESS COMMUNICATION SYSTEM" by Raymond Hsu. having 
Attorney Docket No. 010438* filed concurrently herewith and assigned 
to the assignee hereof, and which Is expressly incorporated by 
reference herein; 
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•METHOD AND APPARATUS FOR DATA TRANSPORT IN A WIRELESS 
COMMUNICATION SYSTEM* by Raymond Hsu, having Attorney 
Docket No. 010499. filed concurrently herewith and assigned to the 
assignee hereof, and which is expressly incorporated by reference 
herein; and 

•METHOD AND APPARATUS FOR HEADER COMPRESSION IN A 
WIRELESS COMMUNICATION SYSTEM" by Raymond Hsu, having 
Attorney Docket No. 010500. filed concurrently herewith and assigned 
to the assignee hereof, and which is express* incorporated by 
reference herein. 

Raid 

[1003] The present invention relates to data processing systems generally 
and specifically, to methods and apparatus for security In a data processing 
system. 



Background 

[1004] Security In data processing and information systems, including 
communications systems, contributes to accountability, laimoss, accuracy, 
confidentiality, operabiElty, as well as a plethora of other desired criteria. 
Encryption, or the general field of cryptography, is used in electronic commerce, 
wireless communications, broadcasting, and has an unlimited range of 
applications. In electronic commerce, encryption is used to prevent fraud in and 
vorify financial transactions. In data processing systems, encryption is used to 
verify a participant's identity. Encryption is also used to prevent hacking, protect 
Web pages, and prevent access to confential dcournents. 
II 005] Asymmetric encryption syslem. often referred to as a cryptosystem, 
uses a same key <i.e., the secret key) to encrypt and decrypt a message. 
Whereas an asymmetric encryption system uses a first key (Le., the public key) 
to encrypt a message and uses a different key (I.e., the private key) to decrypt 
it Asymmetric cryptcsystoms are also called public key cryptosystems. A 
problem exists In symmetric cryptosystems in the secure provision of the secret 
key from a sender to a recipient. Further, a problem exists when keys or other 
encryption mechanisms are updated frequently. In a data processing system 
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methods of securely updating keys incur processing lime, memory storage and 
ether processing overhead, tn a wireless communicaticn system, updating keys 
uses valuable bandwidth used for transmission. 

[tOO S] The prior art dees not provide a method (or updating keys to a large 
group of mobQe stations in order that they may access an encrypted broadcast 
Thoro is a need, therefore, for a secure and oftWent method of updating keys in 
a data processing system. Further, there ts a need for a secure and efficient 
method of updating kayo in a were kiss communication system. 

SUMMARY 

[1007] Embodiments disclosed herein address the above stated needs by 
providing a mothod for security h a data processing system. 
[1008] In one aspect a method for scours transmissions Includes 
determining a registration key specific to a participant in a transmission, 
determining a first key, encrypting the first key with tho registration key, 
determining a second key, encrypting tho second key wftn tho first key and 
updating the first and second keys. 

(f 009) In another aspect, a method for secure reception of a transmission 
includes receiving a registration key specific to a partlcfpiint In a transmission, 
receiving a first key. decrypting the first key »ith the registration key. receiving a 
second key, decrypting the second key wttn the first key, receiving a broadcast 
stream of Information, and decrypting the broadcast stream of information using 
the second key. 

[1010] In still another aspect a wireless communication system supporting a 
broadcast service option has an Infrastructure clement Inducing a rccdvo 
circuitry, a user Wentmcatton unit operaSvo to recover a short-time key for 
decrypting a broadcast mcssago, and a mobile equipment unit adapted to apery 
the short-time key for decrypting I ha broadcast message. The user 
identification unit includes a processing urtrt operative to decrypt key 
Information, and a memory storage* unit for storing a registration key. 
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BRIEF DESCRIPTION OF THE DRAWINGS 

(1011) FIG. 1 A is a diagram of a cryptosystom. 

[1012] FIG. IB is a diagram of a symmetric cryptosystom. 

[1013] FIG. 1C is a diagram oJ an asymmatric cryptosystem. 

[1014] RG. ID is a diagram of a PGP encryption system. 

[101 S] FIG. 1 E Es a diagram of a PGP decryption system. 

[1018] RG. 2 Is a diagram of a spread spectrum communication system that 

supports a mmbor of users. 

[1017] RG. 3 is a block diagram of the communication system supporting 
broadcast transmissions. 

[1018] RG. 4 is a block diagram of a mobile station in a wiroloao 
communication system. 

[1019] RG. 5 ts a modal describing tho updating of keys wOrft a mobile 
. station used for controlling broadcast access. , x . 
[1020] RG. 6 b a model describing cryptographic speraoens within a UiM 
[1021] RGs. 7A-7D Illustrate a method of Implementing security encryption 
in a wireless communtcafJon system supporting broadcast transmissions. 
[1 022] FIG. 7£ is a tinting diagram of key update periods of a security option 
in a wireless communication system supporting broadcast transmissions. 
[1023] FtGs. 8A-8D iiiuatmto application of a security encryption mothod in a 
wireless communication system supporting broadcast transmissions- 

DETAILED DESCRIPTION 

[1024] The word "exemplar/ is used exclusively ho rein to moan Serving as 
an example. Instance, or illustration/ Any embodiment described herein as 
"exemplary" is not necessarily to bo construed as pre! erred or advantageous 
over other embodiment, 

[1025] Wireless communication systems are widely deployed to provide 
various types o' oommurucation such as voice, data, and go on. These systems 
may bo based on code division multiple access (COMA), tints division multiple 
access fTDMA). or somo other modulation tecrmicuoo. A CDMA system 
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provides certain advantages ovot other types oJ system, indudinn increased 
system capacity. 

(1026) A system may be designed to support one or more oiantiaids such as 
the TIA/EEA/1S-95-B Motile Station-Base Station CompatWity Standard for 
Dual-Mode Wideband Spread Spectrum Cobdar System* roforred to herein as 
the IS-95 standard, the standard offered by a consortium named '3rd 
Generation Partnershp Project* refcrrod to herein as 3GPP, and embodied in a 
sol of document? tocfudZng Document Moa. 3G TS 25.211. 3G TS 25.212. 30 
TS 25.213, and 3Q TS 25-214, 3G TS 25302, retorted to heroin as the W- 
COMA standard, tha standard offered by a consortium named '3rd Generation 
Partnership Project 2" rcforrod to herein as 3GPP2, and TR-45.6 referred to 
horetn as tho cdma20C0 standard, formerly called IS-2000 MC. The standards 
cited hereinabove are hereby expressly incorporated herein by reference. 
[1027] Each standard spocifteaDy defines the processing cf data for 
transmission from base station to mcbfla, and vice, versa. As an exemplary 
ombodmort the following discussion considers a spread-spectrum 
communication system consistent with cdma2000 systems. Alto mat o 
ombotfments may mccrporate anothor standard/system. Still otttar 
errbodments may apply tho security methods disclosed herein to any type of 
data processing system using a crypt osystom. 

(1026] A cryptosystem ts a method of disguising messages thus allowing a 
specific group of users to extract (he message. Ha 1A Eustratos a basic 
cryplosyBtcm 10. Cryptography is tho art of creating and using cryptosyatems. 
Cryptanarysis is tho art cf breaking cryptosystoms. i.e.. receiving and 
understanding the message when you aro not within the spocrftc group of usera 
allowed access to the message. The original messago is referred to as a 
plaintext message or plaintext Tho encrypted message is coiled a etphectext, 
wherein encryption Includes any means to convert plaintext into ctphertext 
Decryption includes any means to convert ciphertoxt Into plaintext, l a, recover 
the original message. As illustrated in FIG. 1A, tno plaintext message is 
oncryptod to form a ciphertoxt. Tho dphortoxt is Ihen rcoelvod and decrypted to 
recover tho plaintext. Whife the terms plaintext and ciphertoxt genoraKy rofer to 
data, the concepts of oncryplion may bo applied to any dxjrtal information. 
Including audio and video data presented In digital form. While tho description 
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of tho tnvon'jon prcvtdod herein uses tho term plaintext and cphartoxt 
constetont wttn the art ol cryptography. these terms do not exclude other lorma 
of digital communications. 

[1029) A cryptosystem te based on secrete. A group of eniiSe* shares a 
secret it an entity outskjo this group cannot obtain tho secret without 
significantly targe attaint of resource!. This secret ts said to servo as a security 
association between tho groups of entities. 

[1030] A cryptosyetom may be a collection o( algorithms, wherein each 
algorithm Is labeled and the labels are called keys. A symmeWc encryption 
system, often referred to as a cryptosystem. uses a same toy (i.e., the secret 
key) to encrypt and decrypt a message. A symmetric encryption system 20 to 
Phistratod in RG. IB, wherein both fJw encryption and decryption ulilze a samo 
private koy. 

[1031] In contrast, an asymmetric encryption system uses a first key (Lo., 
die public key) to oncrypl a message and uses a different key (Lo.. (he private 
key) to decrypt It FIG. 1C Custrates an asymmetric encryption system 30 
wherefn one key is provided (or encryption and a second key for decryption. 
Asymmotrtc ctyptosystems are also calod public key ctyptosvaterns. Tho public 
koy is published and available for encrypting any message, however, only the 
pirvato koy may be usod lo decrypt the message encrypted wfh the pubSc koy. 
[1032] A problem exists In symmetric cryptosystems In the seouro provision 
of the secret key from a sender to a recipient. In one sofulion a courier may be 
used to provide tho information, or, a more offident and reliable solution may be 
to use a public key cryptosysten, such as a public-key cryptosystem defined by 
Rrvost. Shamir, and Atfoman (ftSA) which lo discussed hccotnbclcw. TheRSA 
system Is usod in tho popular security tool roforrod to as Pretty Good Privacy 
(PGP), which to further detailed hereinbotow. For Instance an origlnalry 
recorded cryptosystem altered letters in a plaintext by shifting oach totter by n in 
the alphabet, wherein n is a predetermined constant integer vatuo. tn such a 
schema, an 'A* Is replaced with a '0," etc.. wherein a ghren enctyptton scheme 
may Incorporate several different values of n. In this encryption scheme *tf is 
tho koy. Intended recipients are provided the encryption scheme prior to receipt 
of a ctpfiertcxt. In Ihb way, only those knowing tho key should bo able to 
decrypt tho ctphertoxt to recover tho plaintext However, by calculating tho key 
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wtth krtowtedgo of encryption, unintended pantos may bo able to intercept and 
decrypt tho dphartoxt creating a security proWom. 

[1033] More compReated and sophisticated cryptosystoma omploy strategic 
keys Vial are actor Interception and decrypt/on from unintended pa/tioa. A 
dassc cryptesyatam cmptoya encryption functions E and cocryption functions D 
such that 

OJ<(E_K(P)) e P , tor any plaintext P. (1) 
[1034] In a public-key cryptoaystem, E_K Is oastiy computed tram a known 
"puwc key" Y which In turn Is computed fromK. Y is pubttshod, so that anyone 
can oncrypt messages. The decryption function D_K is computed tram pubDc 
key Y, but only with knowledge of a private kay K. Without tho prlvata key Kan 
unlntondod recipient may not decrypt ths ctphcrtext so generated. In (fib way 
only the recipient who gonerated Keen decrypt messages. 
[1033J RSA is a publio-koy cryptosystem dofinod by Rwest, Shamir, and 
, . Acflcman. As an example, oonoktor plaintexts as positive Integers up to 2 ai *. 
Keys aro quadruptoa (p.q,e,d), with p jrvon as a 256-bit prtme number, G as a 
256-bft prime number, and d and e large numbers wflh (tfe • 1) dMsble by *(p- 
1)(o>1). Furthar, define tho encryplion function as: 

EjqP) = P*rT^p<7 1 DJ<<C) = C d rnodpc, (2) 
[1036) While, E_K is easily computed from the pair (pg.o), there is no known 
simple way to compute DJC from the pair <po.e). Theroforo, tho recipient that 
generates K can pubfish [pq,o). It Is possibte to send a scoot messane to the 
recipient, as he ts tho one able to road the mossago. 

£1037] PGP combines features from symmetric and asymmetric encryption. 
FIGa. 10 and 1 £ Ctustrato a PGP cryptosystem 50, wnarcin a plairttaxt message 
ts encrypted and recovered. In FIG. ID, tttc plaintext mossago (3 compressed 
to save modem transmission time and disk space. Compression strengthens 
cryptographic security by adding another to vol of translation to the encrypting 
and docrypUng processing. Most cryptanatysis techniques exploit patterns 
found in tho plaintext to crack tho cipher. Compression roducos these patterns 
in tho p aintext. thereby enhancing resistance to cryptanatysis. Note that one 
embodiment does not compress plaintext or otter messages that aro too short 
to compress or which dent com pro as well areni compressed. 



(35) 



JP 2004-532554 A 2004. 10. 21 



8 

11038] PGP then creates a session Aey, which is a cno-c'me-onty secret key. 
This key is a random number that may bo gortoratad from any random oventfe), 
such as random movements of mouse and the keystrokes white typing. The 
session key works with a secure encryption aJgorithm to oncrypt the plaintext, 
resufting in dphertext. Once the data is encrypted, the sossion key b than 
encrypted to tho recipient's pubQc key. This pubic key-encrypted session key is 
transmitted along with the ciphertoxt to tho recipient. 
H039J Fcr decryption, as illustrated in FK1 1E, the rodplsnfs copy of PGP 
uses a private koy to recover iho temporary session toy, which POP then uses 
to decrypt the conventionally encrypted crphertaxt. Tho combination of 
encryption methods takes advantage of mo convenience of public key 
encryption and tho speed of symmetric encryption, Symmetric encryption is 
gonaraly much faster than pubfic key encryption. Public koy encryption in turn 
provides a solution to key distribution and data transmission Issues, tn 
.combination, performance and key distribution aro cm proved wrihoul any 
- sacrif ice in security. 

{1040] A koy is a value lhat works with a cryptographic algorithm to produce 
a specific cxphartexL Keys aro basically very lama numbers. Key size is 
measured in bhs. In public key cryptography, security increases with koy size, 
however, public key size and the symmetric encryption private key size aro not 
generally related. Whllo the public and private keys are mathematically related, 
a difficulty arises in deriving a private key given only a pubic key. Deriving tho 
private koy is possibte given enough time and computing power, making the 
selection of koy size an Important security issue. The goal b to have a targe 
key thai is secure, while maintaining key size sufficiently small for quick 
processing. An additional consideration is tho oxpected Interceptor, specifically, 
what is (he importance of a message to a third party, and how much rosouroo 
does a third party have to decrypt. 

[1041] Larger keys wiQ bo cryptcgraphicairy securo for a longer period of 
time. Keys are stored in encrypted form. PGP specTicaRy stores keys In two 
Wes; ono for public keys and one for private keys. Those files are called 
teyrings In application, a PGP encryption system adds (he public keys of target 
recipients to tha sender's pubtic keyring. Tho senders prtvato keys are stored 
on the ce Oder's private keyring. 
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[1042] As discu3sod in tho oxamploo given hereinabove, iho moUtod of 
distributing the koya usod for encryption and decryption can bo comp Scaled. 
Tho "key exrfungo problem" Involves first ensuring that toys are exchanged 
such that both tho sender and receiver can perfomi encryption and decryption, 
respectively, and for bi-directional communication, such that the sender and 
receiver can both encrypt and decrypt messages. Further. It is dosirod thai toy 
exchange bo performed so as to preclude Interception by a third unintended 
party. Finally, an additional consideration Is authentication providing assurance 
to tho foccfvcT (hot a message was encrypted by an Intended sender and not a 
third party. In a prtvato key exchange system, tho koyo are exchanged aecreliy 
providing improved security upon successful key exchange and valid 
autrtortucation. Note that the private key encryption scheme impQcay provides 
authertfcation. The underlying assumption tn a prtvalo toy cryptosystcm Is that 
only tho Intended sender will have the key capable of encrypting messages 
delivered to the intended receiver. While public-key cryptographic methods 
sotvo a critical aspect of tho 'toy-exchange problem', specifically their 
resistance to analysis even with tho prosonco a passive oavesdropper dunng 
exchange of keys, they do not solve all problems associated with key exchange, 
tn particular, since the keys are considered "public knowledge.* {particularty with 
RSA) some other mechanism Is desired to provide authentication, as 
possession of keys atone (sufficient to encrypt massages) Is no evidence of a 
particular unique identity of the sender, nor b possession of a corresponding 
decrypfcen key by itscfl enough to cstebtish the Identity cl tho recipient. 
I1043J One solution is to develop a key clistrfbution mechanism ihat assures 
that listed keys am actually thoso of tho given entttos, sometimes called a 
trusted authority, certificate authority, or third part escrow agent The authority 
typically does not actually generate keys, but does ensuro that tho lists of keys 
and associated identities kept and advertised for reference by senders and 
receivers are ccnoct and uncompromiscd. Another method relies on users to 
distribute and (rock each other's keys and trust in an informal, distributed 
fashion. Under RSA, if a user wishes to send evidence of their idorrSty in 
addition to an encrypted message, a signature Is encrypted with the private key. 
The receiver can use tho RSA algorithm In reverse to verify that the Wormatton 
decrypts, such thai only the sender coukJ have oncryptod tho plaintext by uco cf 



(37) 



JP 2004-532554 A 2004.10.21 



10 

the socret key. Typically tho encrypted 'signature' to a 'message digest* thai 
ocmprtaos a uniquo mathematical 'summary of the secret mosaaga (if (ho 
signature worn static across multiple messages, oncn known previous recofvora 
could use it fatecty). In this way, mecretteairy only iho sender of tho message 
could generate a valid signature for that message, thereby authontica&ng it for 
(he receiver. 

[1044] A message digest is often computed using a cryptographic hash 
function. A cryptographic hash function computes a vatuo (withe fixed number 
of bus) from any input, regardless of tho length of tho Input. One property of a 
cryptographic hash function Is this: given an output vatuo, ft is ocmputaconaiiy 
difficult to determine an input that wOl result in that output An example of a 
cryplogjaphfc hash function is SHA-1 as described Sn 'Secure Hash Standard," 
RPS PUB 180-1, pfcmutgated by tho Federal Information Processing 
Standards Pubficattons (RPS PUBS) and issued by the National Institute of 
Standards and Technology. 

ft 345] FIG. Z servos as an oxampf© of a communications system 100 that 
supports a number of users and is capable of implementing at toast some 
aspects and embodiments of tho invention. Any of a variety of algorithms and 
methods may bo used to schodute transmissions in system 100. System 100 
prevkfos communication for a number of ecus 102 A through 102Q. each of 
which is serviced by a corresponding base station 104 A through 1040. 
respectively. In tho oxompfary embodiment, somo of base stations 104 have 
mixtipto receive antennas and others have only one rocaVo- antenna. Similarly, 
somo of base stations 104 have muttipta transmit antennas, and ethers have 
single transmit antennas. There are no restrictions on the combinations of 
transmit antennas and receive antennas. Therefore, It is possfoto for a baso 
station 104 to have multiple transmit antennas and a stnglo recotvo antenna, or 
to have multiple receive antennas and a single transmit antenna, or to have 
bote singte cr multpio transmit and receive antennas. 
[10481 Terminals 108 in the coverage area may be ftxod (I.e.. stationary) or 
mobito. As shown in FIG. 2, various terminals 106 are rfteporsod throughout 
the system. Each terminal 108 communicates with at least one and possibly 
more base stations 104 on the downlink and uplink at any given moment 
depending on, for oxampto. whether soft handoff Is employed or whether iho 
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tormina I fcs designed and operated to (concurrently cr socjUGntiaUy} rocofvo 
muRtp!o transmissions from multipte baco static ns. Soft handeff in COMA 
communications sysioms is wo EI known En the art and is described In detail In 
U.S. Patent No. 5, 101,501, entitled "METHOD AND SYSTEM FOR 
PROVIDING A SOFT HANDOFF IN A COMA CELLULAR TELEPHONE 
SYSTEM,* which is assigned to the assignao cl the present Invention 
[1047] Tho downfink refers to transmission from tho base station to the 
tormina], and the uplink rotors to transmission from tho terminal to me base 
station. In tho exemplary embodiment. Domo of terminals 108 havo muWpto 
receive antennas and others have only ono receive antenna. In RG. 2. base 
station 104 A transmits data to terminals 106A and 106J on tho downlink, base 
station 104B transmits data to terminals 106B and 1C6J, baso station 104C 
transmits data to terminal 106C, and so on. 

[1048] Increasing demand tor wireless data transmission and the expansion 
of services available via wireless communication technology have tad to the 
dovelopmortt of specific data sorvicos. Ono such service is referred to as High 
Data Rata (HDR). An exemplary HDR service is proposed in 'EIA/T1A-IS856 
cdma2000 High Rate Packet Data Afr tntorfaco Spedfication* referred to as 'the 
HDR specification." HDR service is generally an overlay to a voice 
communication system (hat provides en offlcfertt method of tiansmUng pockots 
of data in a wireless communication system. As the amount of data transmitted 
and tho number or transmissions 'ncroasos, tho limited bandwidth available for 
radio transmissions becomes a critical resource. Them Is a need, therefore, for 
an efficient and fair method of scheduling transmissions En a communfcoJten 
system that optimizes use of available bandwidth. In tho exemplary 
embodmenL system 100 illustrated in FIG. 2 Is consists nt wtlh a CDMA typo 
system having HDR service. 

[T049] According to ono embooonent. the system 100 supports a high-speed 
mu»rnedla broadcasting service referred to as Highspeed Broadcast Service 
(KSBS). An example application for HSBS b video streaming of movies, sports 
events, etc. The HSBS servfeo is a packet data service based on the Internet 
Protocol {IP). According to the exemplary ombodment, a service provider 
Indicates the availabi By of such Kgh-spoed broadcast service to the users. The 
usees desiring tho HSBS service subscribe to receive tho service and may 
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oiscovor ma broadcast service schoduto through ad-vortisemor.ta. Short 
Management System (SMS), Wireless Application Protocol (WAP), otc. Mobile 
users are referred to as Mobile Stations (MSs). Boso Stations (BSs) transmit 
HSBS related parameters in ovomoad messages. When on MS desires to 
receive tho broadcast session, tho MS reads the overhead messages and 
learns (ho appropriate configurations. Tho MS then tunes to the frequency 
containing (ho KSBS channel, and receives tho broadcast sorvico content 
11050] The service being considered (s a highspeed multimedia 
broadcasting service. This sdrvioo is rcforrad to as High-Speed Broadcast 
Servtco (HSBS) In this document. One such examplo Is video streaming of 
movies, sports events, etc. This service wM likely bo a packet data sorvico 
based on tho Internal Protocol (IP). 

[10511 The service provider vvifl indicate tho avaflabiWy cf such rugh-apeed 
broadcast service lo the users. Tho mobile station usors who desire such 
service win subscrtbo to receive this sorvico and may discover the broadcast 
service schedule through advertisements, SMS, WAP. etc. Boso stations vrfS 
transmit broadcast service related parameters in overhead messages. The 
mobiles l hat wish to listen to tho broadcast session will read these messages to 
determine (he appropriate configurations, tuna to the frequency containing 'ho 
higtvspood broadcast channel, and start receiving tho broadcast service 
content 

|1052] There are several possible subscrtptionfrevenuo models (or HSBS 
oervtoe, including free access, oontrofled access, ana partially controlled 
access. For free access, no subscription is neoded by tho mobiles to receive 
the service. The BS broadcasts (ho content without encryption and interested 
mobiles con receive tho content Tho revenue for the sorvico provider can be 
generated through advertisements that may also be transmitted in tho broadcast 
channel. For oxampto. upcoming movie-dips can be transmitted for which the 
studios wifl pay tho service provider. 

(1053] For controlled access, tho MS users subscribe to tho sorvico and pay 
the corresponding feo to receive tho broadcast sorvico. Unsubscribed usors are 
not abb) to receive tho HSBS servtoo. Controlled access can be achieved by 
Brwrypttng the HSBS transmission/content so that only Ihe subscribed users 
can decrypt the content This may use over-the-air encryption key exchange 
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procedures. This schema provides strong security and prevents theft-of- 
servioe. 

[1054} A hybrid access scheme, referred to as partial controlled access, 
provides the HSBS service as a subscription- based service that is encrypted 
with intermittent unencrypted advertisement transmissions. Those 
advertisements may Do intended to encourage subscriptions to the encrypted 
HSBS service. Schedule of these unencrypted segments could be known to the 
MS through externa! means. 

[1055] A wireless communication system 200 is illustrated in FIG. 3. wherein 
video and audio information is provided to Packeilzed Data Service Network 
(PDSN) 202 by a Content Server (CS) 201. The video and audio Information 
may be from televised programming or a radio transmission. The Wormatfcn is 
provided as packetized data, such as in IP packets. Tho PDSN 202 processes 
the IP packets for distribution within an Access Network (AN). As Illustrated the 
AN is defined as the portions of the system Including a BS 204 in 
communication with multiple MS 206. The PDSN 202 is coupled to tho BS 204. 
Per HSBS service, the BS 204 receives tho stream of information from the 
PDSN 202 and provides the information on a designated channel to subscribers 
within tho system 200. To control tho access, the content is encrypted by the 
CS 201 before being provided to the PDSN 202. The subscribed users arc 
provided with the decryption key so that tho IP packets can be decrypted. 
[1056) FIG. 4 details an MS 300. similar to MS 203 of FIG. 3. The MS 300 
has an antenna 302 coupled to receive drcultry 304. The MS 300 receives 
transmissions from a BS (not shown) similar to BS 204 of FIG. 3. The MS 300 
includes a User Identification Modulo (UIMJ 308 and a Mobile Equipment (ME) 
306. The receive circuitry is coupled to the UIM 303 and the ME 306. The UIM 
308 applies verification procedures for security of the HSBS transmission and 
provides various keys to the ME 306. Tho ME 306 may be coupled to 
processing unit 312. Tho ME 306 performs substantial processing, including, 
but not limited to. decryption of HSBS content streams. The ME 306 includos a 
memory storage unit. MEM 310. In the exemplary embodiment the data in the 
ME 3C6 processing (not shown) and the data In the ME memory storage unit, 
MEM 310 may be accessed easily by a non-subscriber by the use of limited 
resources, and therefore, the ME 306 Is said to be insecure. Any information 
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passed to the ME 306 or processed by tha ME 306 remains socuroy secret for 
only a short amount of lime. It rs therefore desired tfiat any secret information, 
such as kerfs), shared with the ME 306 ba changed often. 
[1057] The UIM 308 is trusted to store and process secret information (such 
as encryption toys) that should remain secret for a Jong time. As tho UIM 3C8 is 
a secure unit, tho secrets stored therein do not necessarily require the system 
to chango the secret information often. The UIM 308 includes a processing unit 
referred to as a Secure UIM Processing Unit (SUPU) 318 and memory storage 
unit refaned to as a Secure UIM Memory Unit (SUM I/) 314 that is trusted to be 
secure. Within the UIM 308. SUMU 314 stores secret information In such a 
way that as to discourage unauthorized access to the information. If the secret 
information is obtained from the UiM 308, the access will require a significantly 
large amount of resources. Also wittifi the UIM 308, the SUPU 316 performs 
computations en valuas that may be oxtomaJ to the UIM 308 and/or Internal to 
the UIM 308. The results of the computation may be stored in the SUMU 314 or 
passed to the ME 306. Tho compulations performed with the SUPU 316 can 
only be obtained from the UIM 308 by an entity with significantly large amount of 
resources. Similarly, outputs from the SUPU 316 that are designated to be 
stored within the SUMU 314 (but not output to the ME 306) are designed such 
that unauthorized interception requires significantly targe amount of resources. 
In one embodiment, the UIM 308 is a stationary unit within the MS 300. Note 
that in addition to the secure memory and processing within the UIM 308, the 
UIM 308 may also Include non-secure memory and processing (not shown) for 
storing information including telephone numbers, e-mail address information, 
web page or URL address information, and/or scheduling functions, etc 
[1058] Alternate embodiments may provide a removable artdror 
reprogfBjrunable UIM. In the exemplary ernbodiment, tho SUPU 316 does not 
have significant processing power for functions beyond security and key 
procedures, such as to allow encryption of the broadcast content of tho HS8S. 
Alternate embodiments may implement a UIM having stronger processing 
power, 

[10591 The UIM is associated with a particular user and is used primarily to 
verify that the MS 300 is entitled to the privileges afforded the user, such as 
access to the mobile phone network. Therefore, a user Es associated with the 
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UIM 308 rather than an MS 300. Tho same user may bo associated with 
muttipto UIM 308. 

[1060] Tbo broadcast service faces a problem in determining how to 
distribute koys to subscribed users. To docrypt the broadcast content at a 
particular time, tho ME must Know the currant decryption key. To avoid thoft-of - 
service, the decryption key should be changed frequently, lor example, every 
minuto. These decryption keys am called Short-term Koys (SK). "Rio SK is 
used to docrypt the broadcast content for a short-amount o! time so tho SK can 
be assumed to have some amount of intrinsic monetary value for a user. For 
example, this Intrinsic monetary value may bo a portion of tho registration costs. 
Assume (hat the cost of a rton-subsenbor obtaining SK from the memory 
storage unit, MEM 310, of a subscriber exceeds tho intrinsic monetary value of 
SK. Thai is. tho cosl of obtaining SK (Otogrrimatery) exceeds the reward, so 
(hero Is no benefit Consequently, there b no nood to protect SK in tho memory 
storage unit, MEM 310. However, If a secret key has a lifetime longer than that 
of an SK. than tho cost of obtaining this socrat koy (iHatftimatQfy) Is to*3 *han 
She reward, tn (his situation, there Is a benefit in obtaining such a key from the 
memory storage unit, MEM 310. Hence. Ideally (he memory storage unit. MEM 
310 win not store secrets with a fcfetims longer than that of on SK. 
[1081] The channels used by the CS (not shown) to distribute tho SK to *x> 
various subscriber units are oonaJdened insecure. Therefore, when distributing 
a givon SK, the CS desires to use a techntojuo thai rtfctos (he value of tho SK 
from non-subscribed users. Furthermore, the CS distributes the SK to each of a 
potentially large number of subscribers for processing in respective MEs within 
a relatively short timeframe. Known secure methods of key transmission are 
stow and require transmission of a large number of koys. and are goto rutty not 
feasible for the desired criteria. The exemplary embodiment Is a foasibla 
method of distributing rfocryption keys to a large set of subscribers within a 
smaD time-frame tn such a way that rwxvsubscrtboro cannot obtain the 
decryption keys. 

[1062] In the exemplary embodiment, the MS 300 supports HSBS In a 
wire toss comrnunteatkxi system. To obtain access to HSBS. (he user must 
register and then subscribe to tho service. Once (he subscription is enabled, 
the various keys are updated periodically. In the registration process tho CS 
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and UIM 308 agree on a Registration Key (RK) (hat servos as a security 
association between tho user and tha CS. Tha CS may than said the UIM 
further secret Information encrypted with tha RK. Tha RK Is kept as a secret in 
the UIM 308, and fa unique to a given UIM, I.e., each user fa assigned a 
different RK. The registration process alone does not give tho user access to 
HSBS. As slated hereinabove, after registration the user subscribes to the 
service, in the subscription process the CS sends the DEM 308 the value o! a 
common Broadcast Access Key (BAK). The CS sends the MS 300. and 
specifically UIM 309, iho vaiuo of BAK encrypted using the RK unique to UIM 
308, The UIM 308 is able to recover the value cl the original BAK from the 
encrypted version using the RK. The BAK serves as a security association 
between the CS and the group of subscribed users. Tha CS than broadcasts 
data called SK information {SKI} that is combined with the BAK in tne UiM 308 
to derive SK The UIM 308 then passes SK to the ME 306. En this way. the CS 
can efficiently distribute new values of SK to the ME of subscribed users. 
1 (10631 The following paragraphs discuss tho registration process In more 
detail. When a user registers with a given CS. the UIM 308 and the CS (not 
shown) set-up a security association. That is, the UIM 308 and the CS agree on 
a secret key RK. The RK is unique to each UIM 308. although if a user has 
multiple UlMs then these UIMs may share the same RK dependent on tho 
policies of the CS. This registration may occur when the user subscribes to a 
broadcast channel offered by the CS or may occur prior to subscription. A 
single CS may offer multiple broadcast channels. The CS may choose to 
associate the user with me same RK for aD channels or require tho user to 
register for each channel and associate tho came user with different RKs on 
different channels. Multiple CSs may choose to use the same registration keys 
or require the user to register and obtain a different RK for each CS. 
[1064] Two common scenarios for setting up this security association Include 
(he Authenticated Key Agreement (AKA) method (as used in 3GPP) and the 
Internet Key Exchange (IKE) method as used in IPsec. In either case the UIM 
memory unit SUMU 314 contains a secret key referred to as the A- key. As an 
example, the AKA method is described. In the AKA method tho A-koy is a 
secret known only to the UIM and a trusted third party (TTP): tha TTP may 
consist of more than one entity. The TTP is typically the mobile service provider 
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with whom the user is registered. Atl communication between the CS and TTP 
is secure, and the CS trusts that the TTP wiA not assist unauthorized access to 
the broadcast service. When the user registers, the CS informs the TTP thai 
the user wishes to register for the service and provides verification of the user's 
request. The TTP uses a function (similar to a cryptographic hash function) to 
compute the RK from the A-koy and additional data called Registration Key 
Information (RIG). The TTP passes RK. RKI to the CS over a secure channel 
along with other data not relevant to this submission. Tho CS sends RKI to the 
MS 300. The receiver circuitry 304 passes RKI to the UIM 308 and possibly 
passes RKI to the ME 306. The UIM 308 computes RK from RKI and the A-koy 
mat is stored In the UIM memory unit SUMU 314. The RK is stored In the UIM 
memory untt SUMU 314 and is not provided directly to the ME 306. Alternate 
embodiments may use an IKE scenario or some other method to establish tho 
RK. The RK serves as the security association between the CS and UIM 308. 
[1065] tn the AKA method, the RK is a secret shared between the CS, UIM 
and TTP. Therefore; as used herein, the AKA method implies that any security 
association between the CS and UIM Implicitly includes the TTP. The inclusion 
cf the TTP (n any security association fa not considered a broach of security, as 
the CS trusts the TTP not to assist In unauthorized access to the broadcast 
channel. As stated hereinabove, ft a key to shared with the ME 306, it is 
desirable to chango that key often. This is due to trte risk ol a nan*ubscrber 
accessing information stored in memory storage unit, MEM 310 end thus 
allowing access to a control Jod or partlaffy controlled service. The ME 306 
stores SK (key information used for decrypting broadcast content) In memory 
storage unit, MEM 310. The CS must send sufficient Information for subscribed 
users to compute SK If the ME 306 of a subscribed user could compute SK 
from this information, men additional information required to compute SK cannot 
bo secret tn this case, assume that the ME 308 of a non^ubscflbod user could 
also compute SK from this information. Hence, the value of SK must be 
computed tn the SUPU 316, using a secret key shared by the CS and SUMU 
314. The CS and SUMU 314 share the value cf RK, however each user has a 
unique value cf RK. There b Insufficient time for tho CS to encrypt SK with 
every value of RK and transmit these encrypted values to each subscribed user. 
Some other technique is required. 
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[1066] The following paragraphs discuss the subscription process in more 
detail. To ensure the efficient distribution of me security information SK, ihe CS 
periodically dsiribules a common Broadcast Access Key (BAK) lo each 
subscriber UIM 308. For each subscriber the CS encrypts BAK using the 
corresponding RK to obtafn a value eatiod BAKI (BAK Information), The CS 
sends the correspond fig BAKI to MS 300 of the subscribed user. For example, 
BAK may bo transmitted as an IP packet encrypted using the RK corresponding 
to each MS. In the exemplary embodiment, the BAKI Is an IPSec packet In Ihe 
exemplary embodiment. BAKI Is an IPSec packet containing BAK thai is 
encrypted using RK as the key. Since RK is a por-user key, the CS must send 
the BAK to each subscriber Individually; thus, Ihe BAK Is net sent over the 
broadcast channel. The MS 300 passes the BAKI to the UIM 308. The SUPU 
316 computes BAK using the value of RK stored In SUMU 314 and the value of 
BAKI. The value of BAK is then stored In the SUMU. In tho exemplary 
embodiment, the BAKI contains a Security Parameter Index (SPI) value 
instructing the MS 300 to pass BAKI to the DIM 308, and Instructing the UIM 
S08 to use the RK for decrypting the BAKI. 

[1087) Tho period for updating the BAK is desired to be sufficient to aOow tho 
CS to send tho BAK to each subscriber frtdMduaPy, without Incurring significant 
overhead. Since the ME 308 is not trusted to keep secrete for a long time, the 
UIM 308 does not provide the BAK to the ME 306. Tho BAK serves as the 
security association between the CS and the group of subscribers of HSBS 
service. 

[1068] Tho following paragraph discusses how the SK Is updated following a 
successful subscription process. Wlthfn each period for updating the BAK, a 
short-term Interval is provided during which SK Is attributed cn a broadcast 
channel. The CS uses a cryptographic function to determine two values SK and 
SKI (SK Information) such that SK can be determined from BAK and SKI. For 
example, SKI may be the encryption of SK using BAK as the key. In the 
exemplary embodiment, SKJ is an iPSec packet containing SK that is encrypted 
using BAK as tho key. Alternatively, SK may be the result of applying a 
cryptographic hash function lo the concatenation of the blocks SKI and BAK. 
[10S9J Soma portion of SKI may be predfctabto. For example, a portion of 
SKI may be derived from the system lime during which this SKI is valid. This 
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portion, denoted SK1_A, need nol be transmitted to (he MS 300 as part of the 
broadcast service. The remainder of SKI. SKI_B may be unpredictable. The 
SKI_B need not be transmitted to Ihe MS 300 as part of (ho broadcast service 
The MS 300 reconstructs SKI from SK}_A and SKLB and provides SKI to UIM 
308. The SKI may be reconstructed within the UIM 300. The value of SKI must 
change for each new SK. Thus, either SKI_A and/or SKLB must change when 
computing a new SK. The CS sends SKI _B to BS for broadcast transmission. 
The BS broadcasts SKLB, which Is detected by the antenna 302 and passed to 
the receive circuitry 304. Receive circuitry 304 provides SKLB to the MS 300, 
wherein the MS 300 reconstructs SKI. The MS 300 provklea SKI to UIM 308. 
wherein Ihe UIM 308 obtains tho SK using the BAK stcrod in SUMU 314. The 
SK Is then provided by UIM 308 to ME 306. The ME 308 stores the SK in 
memory storage unit, MEM 310. The ME 306 uses tha SK to decrypt broadcast 
transmissions received from the CS. 

{1070] In Ihe exemplary embodiment, the SKI also contains a Security 
Parameter Ends* (SPi) valuo instructing the MS 300 to pass SKI to the UIM 308, 
and instructing the UEM 308 to use the BAK for decrypting tho SKI. After 
decryption, the UIM 308 passes the SK to the ME 306, wherein ME 306 uses 
the SK to decrypt broadcast content. 

P071] The CS and BS agree on some criteria for when SKLB Is to bo 
transmitted. Tho CS may desire to reduce ihe intrinsic monetary value tn each 
SK by changing SK frequently. In this situation, the desire to change SKLB 
data is balanced against optimizing available bandwidth. Tho SKLB may be 
transmitted on a channel other than the broadcast channel. When a user 
•tunes* to the broadcast channel, tho receive circuitry 304 obtains information 
for locating the broadcast channel from a 'control channel." it may be desirable 
to allow quick access when a user -tunes" to the broadcast channel. This 
requires the ME 306 to obtain SKI within a short amount of time. Tho ME 306 
will already know SK|_A, however, the BS must provide SKLB to ME 300 within 
this short amount of time. For example, the BS may frequently transmit SKLB 
on the control channel, (along with the information for locating the broadcast 
channel), or frequently transmit SKLB on the broadcast channel. The more 
often that the BS "refreshes' the value of SKLB, the faster the MS 300 can 
access the broadcast message. The desire to refresh SKLB data b balanced 
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against optimizing avaiaWo bandwidth, as transmitting SKJ_B data loo 
frequently may use an unacceptable amount of bandwidth In the control channel 
or broadcast channel. 

[1072} This paragraph discusses the encryption and transmission of the 
broadcast content The CS encrypts the broadcast content using the currant 
SK. The exemplary embodiment employe an encryption algorithm such as the 
Advanced Encryption Standard (AES)h Cipher Algorithm. In the exemplary 
embodiment, the encrypted content is then transported by an IPsec packet 
according to the Encapsulating Security Paytoad (ESP) transport mode. The 
IPsec packet also contains an SPI voJuo that instructs the ME 308 to use the 
current SK to decrypt received broadcast content. The oncryptod content is 
sont via the broadcast channel. 

[1073) Receive circuitry 304 provides the RKt and BAKI directfy to the UIM 
308. Further, receivo circuitry 304 provides the SKl_B to an appropriate part ct 
the MS 300 where it Is combined wJth SKLA to obtain SKI. The SKI is provided 
to the UIM 308 by (he rofcva.il part of the MS 300: The UIM 308 computes RK 
from the RKJ and A-koy, decrypts the BAK3 using the RK to obtain BAK, and 
computes the SK using the SKI and BAK. to generate an SK for use by the ME 
306. The ME 308 decrypts the broadcast content using the SK. The UIM 308 
of the exompiary embodiment la not sufficiently powerful for decryption of 
broadcast content in real time, and, therefore, SK Is passed to the ME 306 tor 
decrypting the broadcast content 

[1074} FIG. 5 illustrates the transmission and processing of keys RK, BAK 
and SK according to the exemplary embodiment. As illustrated, at registration 
the MS 300 reserves the RKI and passes it to UIM 308, wherein the SUPU 316 
computes RK using RKt and (he A-key. and stores the RK in UiM memory 
storage SUMU 314. The MS 300 periodically receives the BAKI that contains 
BAK encrypted using the RK value specific to UIM 308. The encrypted BAKI Is 
decrypted by SUPU 316 to recover the BAK. which is aloud In UIM memory 
storage SUMU 314. The MS 300 further penodfcairy receives an SKLB that it 
combines with 5KI.A to form SKI. The SUPU 316 computes SK Irom SK! and 
BAK. The SK is provided to ME 306 for decrypting broadcast content 
[1075] in the exemplary embodiment the CS keys are not necessarily 
encryptod and transmitted to the MSe; the CS may use an alternative method. 
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The koy information generated by the CS tor transmission to each MS provides 
sufficient information for the MS to calculate tho koy. As illustrated in the 
system 350 of FIG. 6, the RK Is generated by the CS, but RK Information (RKI) 
is transmitted to the MS. The CS sends Information sufficient for the U1M to 
derive the RK, wherein a predetermined function Es used to derive tho RK from 
transmitted information from the CS. The RKf contains sufficient Information for 
the MS to determine the original RK from the AJcey and other values, such as 
system time, using a predetermined public function labeled dt , wherein; 
(1076) RK c d1{A-key, RKI)„ (3) 

[1077] In the exemplary embedment, the function dt defines a 
cryptographic-type function. According to one embodiment, RK Is determined 
as: 

[1078] RK a SHA'(A>key ]| RKI ), (4) 

[1079] wherein *|f denotes the concatenation of no blocks containing A-koy 
and RKI. and SHA'(X) denotes tho last 128-bits of output of the Secure Hash 
Algorithm SHA-1 given tho input X. in an altomativo embodiment, RK is 
detennined as: 

[1080] RK S3 AES(A-key,RKI), (S) 

[1081] wherein AES{X,Y) denotes the encryption of the 128-bft block RKI 
using the 128-bH A-key. In a further embodJmenl based on the AKA protocol, 
RK is determined as the output of Ihe 3GPP key generation function O, wherein 
RKI includes the value of RAND and appropriate values ot AMF and SON as 
defined by the standard. 

[1082] Tho BAK is treated in a different manner bocauso multiple users 
having different values of RK must compute the same value of BAK. The CS 
may use any technique to determine BAK. However, the value of BAKI 
associated with a particular UIM 308 must bo the encryption cf BAK under tho 
unique RK associated with that UIM 308. Tho SUPU 316 decrypts BAKI using 
RK stored in the SUMU 314 according to the function labeled d2, according to: 
[1 063] BAK ° d2(BAKf , RK). (9) 

[1084] In en alternate embodiment, the CS may compute BAKI by applying 
a decryption process to BAK using RK, and the SUPU 316 obtains BAK by 
applying the encryption process to BAKI using RK. This is considered 
equivalent to the CS encrypting BAK and me SUPU 316 decrypting BAKI. 
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Alternate embodiments may Implement any number of toy combinations in 
addition to or In place of thoso Bustraied cn RG. 6. 

[10851 Trio SK la treated En a similar manner to RK. First SKI is dartvod from 
the SKI Jk and SKI_B (SKJ_B Is tho Information transmitted from CS to MS). 
Then a predetermined function labeled d3 b used to derive tha SK from SKI and 
BAK (stored In the SUMU 314). according toe 
tlOBO] SK = d3(BAK,SKI). (6) 

[1087] In ono embodiment, tho function d3 defines a cryptographic-typo 
function. In an exemplary embodiment, SK is computdd sa: 
[1C38] SK«SHA(BAK||SKI), (7) 

[1 089] while In another ernbodlmcrtt, SK Is computed as 
[1 0301 SK» AES{ BAK. SKI ). (8) 

[1091] A method of providing tha security for a broadcast message is 
illustrated in HQs. 7A-70. FIG. 7A l[Iustratos a registration process 400 
who rein a subscriber negotiates registration with the CS at step 402. The 
registration at stop 404 provides the UIM a unique RK. Tho Ui.M stores the RK 
In a Secure Mamery Unit (SUMU) at step 408. FIG. 7B Illustrates subscription 
processing 420 between a CS and a MS. At slap 422 tho CS generates a BAK 
for a BAK time ported Tt. The BAK Is valid throughout the BAK time period T1 , 
wherein the BAK is periodical* updated. At stop 424 the CS authorizes the 
UIM to have access to the Broadcast Content (BC) during tho BAK timer poriod 
T1. At step 426 tho CS encrypts tho BAK using each individual RK for each 
subscriber. The encrypted BAK fs referred to as Ihe BAK1. Tho CS (hen 
transmits tho BAKI to the UIM at step 428. Tho UIM recefvos tho BAKI and 
performs decryption using the RK at step 430. The decrypted BAKI roouits in 
the ohginaDy perorated BAK The UIM stores tho BAK n a SUMU at stop 432. 
Tho UIM then receives Ihe broadcast session and Is ablo lo access (ho BC by 
applying tho BAK to docryoticn of the encrypted broadcast (EEC). 
[1092] RG, 7C atustrates a method of updating keys for security encryption 
in a wtrotess communication system supporting broadcast oetveo. Tho method 
440 Implements lime periods as gfven tn FIG. 7E. The BAK Is updated 
periodically having a time period T1. A timer tt is initiated when BAK is 
calculated and times cut at T1. A variable Is used (or calculating tho SK 
referred lo as SK RAND, which is updated periodically having a time period T2. 
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A fcmor 12 Is initiated when tho SK.RAND is gonoratod and times out al T2. In 
ono ombodtmotii. (ho SK is further updated ponodicaUy having a period ol 73. 
A imor 13 is Wtiated when each SK is go no rat ad and limo out al time T3. Tho 
SK_RAND is generated at (no CS and provided poriodfcalry to the MS. The MS 
and the CS uso SKJUND to nanerato the SK, as detailed hereirtbetow. 
[1093] A first timer 11 is reset when tho applicable vakio of BAK b updated. 
The length of limo between two DAK updates Is the BAK update period, tn tho 
exemplary embodiment iho BAK update period is a month, however, alternate 
entoodiments may impJernartt any timo period desired for optimum operation of 
tho system, or to satisfy a vanoty of system criteria 

[1094] Continuing with FIG, 7C. tho method 440 initiatizDS tho ttmor XZ al 
stop 442 to start the SK_REQ time period T2. The CS gonerales SK.RANO 
and provides tho value to transmit circuitry for transmission throughout the 
system at etep 444. The timer 13 Is initialized at step 446 to start tho SK time 
period T3. TheCS then encrypts tho BC using the current SK at step 448. Jhe 
encrypted product is tho ESC, wherein the CS provides the EEC to transmit 
circuitry for transmission in tho system. If tho timer t2 has expired at decision 
diamond 460, processing returns to step 442. While 12 Is toss than T2, if the 
timer t3 has expired at decision diamond 462. processing returns to step 446: 
eteo processing returns to 450. 

[1095] FIG. 7D Klustrates iho operation of the MS accoastog a broadcast 
servtco. The method 460 first syr^chrontoos the timers Q and t3 with the vatues 
at tho CS at stop 462. The UIM of the MS rocervos the SK^RAND generated by 
tho CS at step 464. At stop 468 the UIM generates tho SK using the 
SK_RAND, BAK, and a timo measurement Tho UIM passes the SK to tho ME 
of the MS. Tho UIM then decrypts the rocofved EBC using the SK to extract the 
original BC at step 468. When tho timer t2 expires at step 470 processing 
returns to step 462. White iho timer 12 is leas than T2, if the timer 13 expires at 
step 472, the Cmor t3 is Enitiafood at step 474 and returns to 466. 
[1098) When the user subscribes to tho broadcast service for a particular 
BAK update period, the CS sends the appropriate information BAKI 
(corresponding to the BAK encrypted with the RK). This typically occurs prior to 
the beginning of thh BAK update period or when tho MS first turns to tho 
broadcast channel during this BAK update period. This may be initiated by the 
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MS or CS according to a variety of criteria. Multiple BAK1 may be transmitted 
and decrypted simultarwously. 

[1097] Note mat when oxp ration of the DAK update period Is Imminent, tho 
MS may request the updated BAK from tho CS (fine MS has subscribed for tho 
next BAK update period In an alternate embodiment the first timer tl b used 
by the CS, where upon oxptration of the timer, i.e., satisfaction of the BAK 
update period, the CS transmits the BAK. 

[1098] Note (hat it b possible for a user to receive a BAK during a BAK 
update period, wherein, for example, a subscriber joins the service mid-month 
when the BAK updates are performed monthly. Additional)/, tho time periods 
for BAK and SK updates may be synchronized, such thai &D subscribers are 
updated at a given time. 

[1099] FIG. 8A illustrates the registration process in a wireless 
communication system 500 according to tho exemplary embodiment Tho CS 
502 negotiates with each subscriber, Lo., MS 512. to generate a specific RK to 
1 each ot Che subscribers. The RK is provided to Iho SUMLf urtH within tho UIM of 
each MS. As frustrated, tho CS 502 generates RKi which is stored in SUMU, 
510 within UIM, 512. Similarly, the CS 502 generates RK* and RK M which are 
stored In SUMU 2 520 wtthfn UlKfe 522 and SUMUn 530 within UIM» 532. 
respectively. 

[1100] FIG. BB Illustrates tho subscription process in the system 500. The 
CS 502 further includes multiple encoders 504. Each ot tno encoders 504 
receives one ol the unique RKs and tho BAK value generated in tho CS 502 
Tho cutout cf each encoder 504 is a BAK1 encoded specifically for a subscriber. 
The BAK! is received at tho UIM of each MS, such as UIM, 512. Each UIM 
includes a SUPU and a SUMU, such as SUPU, 514 and SUWU, 510 of UIMi 
512. Tho SUPU Includes a decoder, such as decoder 516 thai recovers the 
BAK by application of tho RK of tho UIM. The process ts repeated at each 
subscriber. 

[1101] Key managomonl and updates ore illustrated In FIG. 5C, wherein tho 
CS appffcs a function 508 to oorrerate a value of SK_RAND, which is an Interim 
valuo used by the CS and MS to calculate SK. Specifically, the function 508 
applies tho BAK value, Ow SK^RAND and a time factor. WhUo the orntKxfimont 
Uustrated In FIG. 8C appflos a timer to determine when to update the SK, 
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aitomato embodiments may uso alternate measures to provide panose 
updates, tor example occurrence of an error or ether event. The CS provides 
tho SK.RAND value to each of the subscribers, wherein a function 518 resident 
In each UtM applies the same function as in function 508 of tho CS. Tho 
function 516 operates on the SK_RAND, BAK and a timer value to gene rata a 
SK lhal is stored In a memory location in the ME, such as MEM, 542 of ME, 
540. 

[1102) FIG. 80 illustrates tho processing of BC alter registration and 
subscription. Tho CS 502 inctodos an encoder 560 that encodes the BC using 
tho current SK to generate the EBC. The EEC is then transmitted to the 
subscribers. Each MS Includes an encoder, such as encoder 544, that extracts 
Ihe BC from the EBC using the SK. 

[1 103] While (he present Invention has been described with respect to an 
oxemptary embodiment of a wireiess communication system supporting a uni- 
directional broadcast service, the encryption methods and key managsment 
described horotnabovo is further applicable to other data processing systems, 
including a mulli-cast typo broadcast system Still further, application of tho 
piesent invention to any data processing system wherein multiple subscribers 
access a single transmission of secure information through an insecure 
channel. 

[1 104] Those of skin In the art would understand lhal information and signals 
may be represented using any of a variety of different technoJogias and 
techniques. For examplo, data, instructions, cenwands, infermation, signals, 
bits, symbols, and chips that may bo referenced throughout tho abovo 
description may be represented by voftagos. currents, electromagnetic waves, 
magnetic fields or particles, optical folds or particles, or any combination 
thereof. 

(1105] Those of skQ would further appreciate that (he various Blustrativo 
logical blocks, modules, circuits, and akjorhhm steps described in connection 
with the embodiments disclosed herein may be implemented as otedroric 
hardware, computer software, cr oanbinaUcna cf both. To ctearty iUu3trato this 
WorohaTgoabfliy of hardware and software, various iflustra&ve components, 
blocks, modules, circuits, and steps have been described abovo generally in 
terms of their functionality. Whether such functionality is impSomentod as 
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hardware or software depends upon the particular application and design 
constraints imposed on the overall system. Skilled artisans may implement ths 
described functionality In varying ways for each particular application, but such 
implementation decisions should not be interpreted as causing a departure from 
the scope of the present invention. 

11106] The various Illustrative logical blocks, modules, and drcufts described 
In connection with the embodiments disclosed heroin may be implemented or 
performed with a general purpose processor, a digital signal processor (DSP), 
an application specific integrated circuit (ASIC), a field programmable gate array 
(FPGA) or other programmable logic device, discrete gate or transistor logic, 
discrete hardware components, or any combination thereof designed to perform 
the functions described herein. A general purpose processor may be a 
microprocessor, but in the alternative, the processor may bo any conventional 
processor, controller, microcontroller, or state machine. A processor may also 
bo implemented as a combination of computing devices, e.g., a combination of 
a DSP and a microprocessor, a plurality of microprocessors, one or more 
rnicroprocossors in conjunction with a DSP core, or any other such 
configuration. 

[1 107] The steps of a method or algorithm described in connection with the 
embodiments disclosed herein may ba embodied directly in hardware, tn a 
software module executed by a processor, or in a combination of the two. A 
software modJle may reside In RAM memory, flash memory. ROM memory, 
EPROM memory. EEPROM memory, registers, hard disk, a removabfe disk, a 
CD-ROM, or any other form of storage medium known in the art. An exemplary 
storage medium ts coupled to the processor such the processor can read 
information from, and write information to, the storage medium. In the 
alternative, me storago medium may be integral to the processor. The 
processor and the storage medium may reside in an ASIC. The ASIC may 
reside in a user terminal. In the alternative, the processor and the storage 
medium may reside as discrete components in a user terminal. 
[11 08] The previous description of the disclosed embodiments is provided to 
enabfe any person skilled in the art to make or use the present invention. 
Various modifications to these embodiments will bo readily apparent to those 
skilled in the art, and the generic principles defined herein may be applied to 
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other embodiments without departing from the spttt or scope of the Invention. 
Thus, the present invention Is not Intended to be Med to ito embodiments 
shown hereto but is to be accorded the widest scope consistent wftti the 
principles and novel features disclosed herein. 

11109] WHAT IS CLAIMED IS: 
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8. The method as in claim 7, further comprising: 

2 calculating a first key information measago corresponding to tho updated 

and encrypted first key; and 
4 transmitting tho first key inf ormaticn massage. 

9. The method as In dalm 8, further comprising: 

2 calculating a second key Information message corresponding to the 

updated and encrypted second key; and 
4 transmitting ihe second key information message . 

10. The method as In claim 1, further comprising: 
2 transmitting (ho encrypted first key; and 

transmitting the encrypted second key. 

1 1 .A method for secure reception of a transmission, the method comprising: 
2 receiving a registration key specific to a participant in a 1 ransrrtsston; 

receiving a first key; 
4 decrypting the first key with the registration key; 

receiving a second key; 
6 decrypting the second key with the first key, 

receiving a broadcast stream of information; and 
6 decrypting the broadcast stream of information using tho second koy. 

12. The method as in claim 1 1 , further comprising: 

2 storing (he first key in a secure memory storage unit; and 

storing the second koy fn a memory storage imt 

13. Tho method 03 In dalm 1 1, further comprising: 

2 recovering the first key from a first koy rnformatcn message; and 

recovering the second key from a second key information message. 

14. The method as in claim 1 1 , further comprising: 

2 updating the first key according to a first time period; and 

updating the second key according to a second time period. 
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15. In a wireless communication system supporting a broadcast scrvteo option. 
2 an infrastrLCtu re etement cam p rising: 

a receive circvhfy; 

4 a user identification unit, oporatrve to recover a short-timo key for 

decrypting a broadcast message, comprising: 
6 processing unit oporatrve to decrypt key Information; 

memory storage unit for storing a registration key; and 
8 a mobile equipment unit adapted to apply the short-time key for 

decrypting the broadcast message. 

16. The infrastructure element as in claim 15, wherein the short-time key is 
2 processed by the user Wentffteatten unit and passed to the mobile equfpment 

unit 

1 7. The infrastructure element as in dalm 15. wherein the msmory storage unit 
2 is a secure memory storage unit 

le.The infrastructure element as in dalm 15. wherein me memory slorage unit 
2 stores a broadcast access key, and wherein (he processing unit decrypts the 
short-timo key using the broadcast access key. 

19. The infrastructure element as En claim 18. wherein the short-time key is 
2 updated at a first frequency. 

20. The infrastructure element as tn claim 19, wherein the broadcast access key 
2 is updated at a second frequency toss than the first frequency. 

21. Tho infrastructure olement as in claim 15. who rein the broadcast service 
2 option is a video service. 

22. A wireless communication system, comprising: 

2 means for determining a registration key specific to a participant in a 

transmission; 
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4 means for determining a first key, 

means for encrypting the first key with the registration key; 
6 means for determining a second key; 

means for encrypting the second koy wfth the first key: and 
8 means for updating me first and second keys. 

23. An Infrastructure element, comprising: 

2 means for receiving a registration key specific to a participant in a 

transmission; 
4 means for receiving a first key; 

moans for decrypting the first key with the registration key, 
6 means for receiving a second key; 

means for decrypting ihe second key with the first key; 
8 moans for receiving a broadcast stream of information; and 

means for decrypting the broadcast stream of Information using the 
10.- second key. 

24. A digital signal storage device, comprising: 

2 first set of Instructions for receiving a registration key specific to a 

participant in a transmission; 
4 second sot of instructions for receiving a first key; 

third set of instructions for decrypting the first key with the registration 
6 key; 

fourth set oi instructions for receiving a second key; 
8 fifth set of instructions for decrypting the second koy with the first key; 

sixth set of instructions for receiving a broadcast stream of information; 
10 and 

seventh sot of instructions for decrypting tho broadcast stream of 
12 information using the second key. 
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